CN114946152A - Decentralized techniques for authenticating data in transport layer security and other contexts - Google Patents

Decentralized techniques for authenticating data in transport layer security and other contexts Download PDF

Info

Publication number
CN114946152A
CN114946152A CN202080073715.3A CN202080073715A CN114946152A CN 114946152 A CN114946152 A CN 114946152A CN 202080073715 A CN202080073715 A CN 202080073715A CN 114946152 A CN114946152 A CN 114946152A
Authority
CN
China
Prior art keywords
client device
verifier
server
secure session
server device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202080073715.3A
Other languages
Chinese (zh)
Inventor
张帆
赛·克里希纳·迪帕克·玛拉姆
哈贾斯利·马尔维
史蒂文·戈德费德
阿里·朱尔斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cornell University
Original Assignee
Cornell University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cornell University filed Critical Cornell University
Publication of CN114946152A publication Critical patent/CN114946152A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46Secure multiparty computation, e.g. millionaire problem
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76Proxy, i.e. using intermediary entity to perform cryptographic operations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The verifier device in one embodiment is configured to communicate with the client device and the server device via one or more networks. The authenticator device participates in a three-way handshake protocol with the client device and the server device, wherein the authenticator device and the client device obtain respective shares of a session key for a secure session with the server device. The authenticator device receives a submission from the client device relating to the secure session of the server device and, in response to receiving the submission, releases additional information relating to the secure session previously inaccessible to the client device. The verifier device verifies correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session based at least in part on the submission and the additional information.

Description

Decentralized techniques for authenticating data in transport layer security and other contexts
Cross Reference to Related Applications
The present application claims a file filed 2019 on 30/8 and titled "DECO: priority of U.S. provisional patent application No. 62/894,052 for a Decentralized propheter for TLS (DECO), which is incorporated herein by reference in its entirety.
Statement of government support
The invention was made with U.S. government support under grant numbers CNS-1514163, CNS-1564102, CNS-1704615 and CNS-1933655 of the National Science Foundation (NSF) and the ARO institute grant number W911NF 161-0145. The government has certain rights in the invention.
Technical Field
The art relates generally to information security, including, for example, techniques for attesting to the correctness of data from a particular source or otherwise verifying data obtained in the context of Transport Layer Security (TLS) and in other contexts.
Background
Thanks to the widespread deployment of TLS, users can access private data via a channel with end-to-end confidentiality and integrity. However, what the user cannot do is prove to a third party the provenance of such data, i.e. that it really came from a particular website. Existing approaches introduce undesirable trust assumptions or require server-side modifications. As a result, the value of the user's private data is locked in its point of origin.
Disclosure of Invention
The illustrative embodiments are directed to TLS and provide a decentralized oracle in numerous other applications where it is necessary or otherwise desirable to prove that data is coming from a particular source.
For example, some embodiments overcome the above-described disadvantages of existing methods by providing a decentralized prolog machine (illustratively referred to herein as DECO) that allows a user to prove that a piece of data accessed via TLS is from a particular web site, and optionally to prove statements about such data with zero knowledge, thereby keeping the data itself secret. The DECO can thus release data from the centralized network services repository, making it accessible to rich applications. Advantageously, the DECO in the illustrative embodiments operates without trusted hardware or server-side modifications.
In one embodiment, an apparatus includes a verifier device that includes a processor and a memory coupled to the processor. The verifier device is configured to communicate with the client device and the server device via one or more networks. The authenticator device participates in a three-way handshake protocol with the client device and the server device, where the authenticator device and the client device obtain respective shares of a session key for a secure session with the server device. The authenticator device receives a submission from the client device relating to a secure session of the server device and, in response to receiving the submission, releases additional information relating to the secure session previously inaccessible to the client device. The verifier device verifies correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session based at least in part on the submission and the additional information.
It will be appreciated that the foregoing arrangement is merely an example, and that numerous alternative arrangements are possible.
These and other embodiments of the invention include, but are not limited to, systems, methods, apparatus, processing devices, integrated circuits, and processor-readable storage media having software program code embodied therein.
Drawings
FIG. 1 shows an information processing system implementing a decentralized oracle for TLS in an illustrative embodiment.
Fig. 2 is a flow diagram of a process for implementing a decentralized oracle for TLS in an illustrative embodiment.
FIG. 3 shows an example of decentralized oracle functionality in an illustrative embodiment.
Figure 4 illustrates stages of device interaction in a decentralized oracle implementation including a server device, a prover device and a verifier device in an illustrative embodiment.
FIG. 5 shows example data including bank statement information for exposing selective opening and context integrity attacks in an illustrative embodiment.
FIG. 6 shows a detailed view of one possible implementation of a decentralized oracle protocol in an illustrative embodiment.
FIG. 7 shows a detailed example of a three-way handshake protocol for implementing a decentralized oracle in an illustrative embodiment.
FIG. 8 shows a protocol conducted between a prover device and a verifier device to establish key sharing in an illustrative embodiment.
Fig. 9 and 10 show additional examples of protocols utilized in connection with implementation of decentralized oracle in illustrative embodiments.
Fig. 11 shows an intelligent contract embodiment involving two parties in which one of the parties utilizes a decentralized oracle to obtain information provided to the intelligent contract.
Fig. 12 and 13 show example data processed using respective revealing and revision (readact) modes of one or more decentralized propheters in an illustrative embodiment.
FIG. 14 shows pseudo code for two-stage parsing of unique key syntax in an illustrative embodiment.
Detailed Description
Embodiments of the invention may be implemented, for example, in the form of an information handling system comprising a computer network or other arrangement of networks, clients, servers, processing devices, and other components. Illustrative embodiments of such systems are described in detail herein. However, it should be understood that embodiments of the present invention are more generally applicable to a wide variety of other types of information handling systems and associated networks, clients, servers, processing devices, or other components. Accordingly, the term "information handling system" as used herein is intended to be broadly construed to encompass these and other arrangements.
FIG. 1 shows an information processing system 100 implementing a decentralized oracle for TLS in an illustrative embodiment. The system 100 includes a plurality of client devices 102-1, 102-2 … … 102-N and a verifier device 104, the client devices and the verifier device configured to communicate via a network 105. A given one of the client devices 102 may comprise, for example, a laptop computer, a tablet computer, or a desktop personal computer, a mobile phone, or another type of computer or processing device, as well as combinations of multiple such devices. The verifier device 104 may similarly comprise various types of processing devices, each including at least one processor and at least one memory coupled to the at least one processor.
Network 105 may illustratively include, for example: a global computer network, such as the Internet, a Wide Area Network (WAN), a Local Area Network (LAN), a satellite network, a telephone or cable television network; cellular networks, such as 3G, 4G or 5G networks; wireless networks implemented using wireless protocols such as bluetooth, WiFi, or WiMAX, or various portions or combinations of these and other types of communication networks.
The system 100 further includes a plurality of TLS servers 106 associated with respective protected data sources 108. The TLS server 106 is illustratively configured to control access to its respective protected data source 108. At least a subset of the protected data sources 108 illustratively includes respective websites having HTTPS functions, where HTTPS refers to the secure hypertext transfer protocol, which is an extension of the hypertext transfer protocol (HTTP). It should be appreciated that a wide variety of additional or alternative data sources may be used in other embodiments. The protected data source 108 of the system 100 is protected in the sense that it is securely accessible through at least one of the TLS servers 106 via HTTPS. Other data sources need not be accessible in this particular manner, and additional or alternative access control mechanisms may be implemented, and/or may be publicly accessible using other types of security protocols.
Further, although the illustrative embodiments herein utilize a particular type of server or servers (e.g., TLS server 106), it should be appreciated that other types of security protocols may be used in other embodiments and may be implemented in other types of server devices. Thus, the term "server device" as used herein is intended to be broadly understood and should not be construed as being limited to TLS servers in any way.
In some embodiments, the client device 102 operates as a corresponding prover device with respect to the verifier device 104 or other Zero Knowledge Proof (ZKP) predictive machine node 110 of the system 100. Thus, the verifier device 104 may be considered a ZKP predictive engine node of the system 100. Thus, a given "validator device," as that term is used broadly herein, may comprise a particular prolog-tor node of a set of prolog-tor nodes, e.g., of a decentralized prolog-tor system (e.g., system 100).
The particular number, type, and arrangement of devices and other components in the system 100 are presented as illustrative examples only and may be varied in other embodiments. For example, although only a single verifier device 104 is shown in this embodiment, other embodiments may include multiple verifier devices, as in arrangements in which other ZKP predictive machine nodes 110 operate as respective verifier devices. Further, one or more of the TLS servers 106 may each be configured to control access to multiple ones of the protected data sources 108. Numerous other decentralized propheter arrangements are possible.
The verifier device 104 includes a three-way handshake module 112, a post-handshake interaction module 114, and a proof verification module 116. These modules implement respective different ones of the decentralized prolog protocols, also referred to herein as the DECO protocols, as described in more detail below.
In the present embodiment, the verifier device 104 further comprises a processor 120, a memory 122 and a network interface 124. It is assumed that processor 120 is operatively coupled to memory 122 and to network interface 124 via the simplified illustrative interconnect shown in the figures.
The processor 120 may include, for example, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), an Arithmetic Logic Unit (ALU), a Digital Signal Processor (DSP), or another similar processing device component, in any combination, as well as other types and arrangements of processing circuitry. At least a portion of the functionality of the decentralized oracle provided by a given processing device as disclosed herein may be implemented using such circuitry.
The memory 122 stores software program code for execution by the processor 120 in implementing portions of the functionality of the processing device. For example, at least a portion of the functionality of modules 112, 114, and 116 may be implemented using program code stored in memory 122.
A given such memory, which stores such program code for execution by the corresponding processor, is an example of what is more generally referred to herein as a processor-readable storage medium having program code embodied therein, and may comprise, in any combination, other types of storage devices, such as electronic memory, e.g., SRAM, DRAM, or other types of random access memory, Read Only Memory (ROM), flash memory, magnetic memory, optical memory, or any combination.
Articles of manufacture that include such processor-readable storage media are considered embodiments of the invention. The term "article of manufacture" as used herein should be understood to not include a transitory propagating signal.
In other embodiments, other types of computer program products comprising a processor-readable storage medium may be implemented.
Additionally, embodiments of the invention may be implemented in the form of an integrated circuit that includes processing circuitry configured to implement processing operations associated with one or more of the client device 102, the verifier device 104, the TLS server 106, and other ZKP predictive machine nodes 110.
The network interface 124 is configured to allow the verifier device 104 to communicate with other system elements via the network 105, and may include one or more conventional transceivers.
In operation, in the illustrative embodiment, the verifier device 104 is configured to participate in a three-way handshake protocol with a given one of the client devices 102 (e.g., client device 102-1) and a given one of the TLS servers 106. Such participation is illustratively controlled by the three-way handshake module 112 of the verifier device 104. In conjunction with the execution of the three-way handshake protocol, the authenticator device 104 and the client device 102-1 obtain a respective share of the session key for the secure session with a given TLS server. The secure session illustratively includes a TLS session.
The authenticator device 104 receives a submission from the client device 102-1 relating to a secure session for a given TLS server. In response to receiving the submission, the authenticator device 104 releases additional information related to the secure session previously inaccessible by the client device 102-1 to the client device 102-1. These operations related to commit are illustratively under the control of the post-handshake interaction module 114.
The verifier device 104 verifies correctness of at least one characterization of data obtained by the client device 102-1 from a given TLS server as part of the secure session based at least in part on the submission and the additional information. Such verification illustratively occurs under the control of the attestation verification module 116.
In some embodiments, the verifier device 104 is further configured to initiate one or more automated actions in response to verification of correctness of at least one characterization of data obtained by the client device 102-1 from a given TLS server. For example, the authenticator device 104 may return authentication information or other related information to the client device 102-1.
As an example, the submission related to the secure session may include a submission of query response data obtained by the client device 102-1 from a given TLS server as part of the secure session.
As another example, the submission related to the secure session may include a submission of a prover key that was established by the client device 102-1 in conjunction with the three-way handshake protocol, but was previously inaccessible by the authenticator device 104. In other embodiments, other types of submissions may be used.
In some embodiments, the additional information released to the client device 102-1 in response to receiving the submission includes an authenticator key established by the authenticator device 104 in conjunction with the three-way handshake protocol, but previously inaccessible by the client device 102-1.
In other embodiments, the verifier device 104 is further configured to operate as a proxy for the client device 102-1 in conjunction with the interaction between the client device 102-1 and the given TLS server, such that the verifier device 104 automatically obtains, via the verifier device 104 operating as a proxy, the ciphertext exchanged between the client device 102-1 and the given TLS server as part of the secure session. Such an embodiment is referred to herein as a "proxy mode" arrangement.
In some embodiments, the verifier device 104 is further configured to receive, from the client device 102-1, one or more statements characterizing data obtained by the client device 102-1 from a given TLS server as part of a secure session.
For example, a given one of the one or more statements illustratively includes a selectively revealed substring of query response data obtained by the client device 102-1 from a given TLS server as part of a secure session.
As another example, a given one of the one or more statements is illustratively configured to provide contextual integrity by utilizing a multi-phase resolution protocol in which query response data obtained by the client device 102-1 from a given TLS server as part of a secure session is pre-processed by the client device 102-1 to generate reduced data that is subsequently parsed by the client device 102-1 in connection with the generation of the given statement to be sent by the client device 102-1 to the verifier device 104.
A wide variety of other types of statements characterizing data obtained by the client device 102-1 from a given TLS server as part of a secure session may be used in other embodiments.
In some embodiments, in conjunction with the three-way handshake protocol, the client device 102-1 and the verifier device 104 jointly establish one or more shared session keys with a given TLS server, wherein the client device 102-1 has a first share of a given one of the one or more shared session keys, the verifier device 104 has a second share of the given shared session key, and the given TLS server has a composite session key that combines the first share and the second share.
Additionally or alternatively, in conjunction with the three-way handshake protocol, the client device 102-1 receives an encryption key from a given TLS server that is not accessible by the authenticator device 104.
In some embodiments, the authenticator device 104 and the client device 102-1 cooperate using their respective shares of the session key for the secure session with the given TLS server to generate a query that is provided by the client device 102-1 to the given TLS server to request the given TLS server to send data to the client device 102-1.
The authenticator device 104 and the client device 102-1 may cooperate using their respective shares of the session key for the secure session with the given TLS server to authenticate the response provided by the given TLS server to the client device 102-1 in response to the query.
In some embodiments, in conjunction with the three-way handshake protocol, the client device 102-1 and the verifier device 104 establish respective prover and verifier keys. In such an embodiment, verifying the correctness of at least one representation of data obtained by the client device 102-1 from a given TLS server as part of a secure session illustratively includes verifying the attestation provided by the client device 102-1 to the verifier device 104. The attestation is illustratively generated by the client device 102-1 based at least in part on: (i) a prover key established by the client device 102-1 in conjunction with a three-way handshake protocol; (ii) a verifier key established by the verifier device 104 in conjunction with a three-way handshake protocol; and (iii) secret information of the client device 102-1, such as a password or passcode.
In some embodiments, verifying the correctness of at least one representation of data obtained by the client device 102-1 from a given TLS server as part of a secure session illustratively comprises: obtaining data derived from at least a portion of at least one ciphertext of the secure session; and verifying, by the client device 102-1, correctness of the at least one representation of the data. The term "ciphertext," as used in this context and elsewhere herein, is intended to be broadly understood and should not be construed as requiring the use of any particular cryptographic protocol.
It should be appreciated that the particular arrangement of components and other system elements shown in fig. 1 and their associated processing operations as described above are presented merely as illustrative examples, and that numerous alternative embodiments are possible.
For example, although the verifier device 104 in the system 100 is illustratively shown as a single processing device comprising a processor coupled to a memory, in other embodiments, the verifier device may comprise a distributed verifier device, wherein the functionality of the verifier device 104 is distributed across a plurality of different processing devices. In such embodiments, the role of the verifier in the various protocols disclosed herein may be distributed across a plurality of different parties executing a multi-party protocol, where each such party is associated with a different one of a plurality of processing devices of the distributed verifier device. Thus, the term "device" as used herein is intended to be broadly understood to encompass at least one processing device comprising a processor coupled to a memory, and thus a plurality of such processing devices as in the case of a distributed verifier device.
FIG. 2 shows an exemplary process that is illustratively implemented by the authenticator device 104 interacting with one of the client devices 102 as an authenticator with respect to data controlled by one of the TLS servers 106. It should be understood that this particular process is merely an example, and that additional or alternative processes may be undertaken, at least in part, by the prover, verifier and server entities in other embodiments.
In this embodiment, the process illustratively includes steps 200 through 208. As described above, it is assumed that at least part of these steps are performed at least in part by the verifier device 104 interacting with one of the client devices 102 and further involving one of the TLS servers 106. These components are also referred to as a verifier, a prover, and a server, respectively, in the context of the process of FIG. 2.
In step 200, the authenticator participates in a three-way handshake protocol with the client and server, where the client acts as an authenticator.
In step 202, in conjunction with the three-way handshake protocol, the authenticator and the prover obtain respective shares of the session key for the secure session with the server.
In step 204, the verifier receives a submission from the prover relating to a secure session of the server.
In step 206, in response to receiving the submission, the authenticator releases additional information to the prover related to the secure session that was previously inaccessible by the prover.
In step 208, the verifier verifies correctness of at least one characterization of the data obtained by the prover from the server as part of the secure session based at least in part on the submission and the additional information.
Numerous other techniques may be used in association with implementations of a decentralized oracle as disclosed herein.
Thus, the particular process operations and other functionality described in connection with the flowchart of FIG. 2 are presented merely as illustrative examples and should not be construed as limiting the scope of the invention in any way. Alternate embodiments may use other types of processing operations involving a verifier device, a prover device, and a server device. For example, the ordering of process steps may be varied in other embodiments, or certain steps may be performed concurrently with one another rather than sequentially. Furthermore, multiple instances of the process may be conducted in parallel with one another within the system 100 for different sets of respective provers, verifiers, and server devices. Thus, the system 100 can implement a large number of decentralized oracle machines simultaneously using the techniques disclosed herein.
Additional aspects of the illustrative embodiments will now be described with reference to fig. 3-14.
The widespread deployment of TLS allows users to access private data via a channel with end-to-end confidentiality and integrity. However, what the user cannot easily do under conventional practice is to prove to a third party the provenance of such data, i.e. that it really came from a particular website. Existing approaches introduce undesirable trust assumptions or require server-side modifications.
As a result, the user's private data is locked at its point of origin. Users cannot export their data to other applications in an integrity protected manner without assistance and permission from the current data holder.
Illustrative embodiments herein provide a technique known as DECO (an abbreviation for decentralized propheter) to address these and other issues. DECO allows a user to prove that a piece of data accessed via TLS is coming from a particular web site, and optionally a statement about such data with zero knowledge, thereby keeping the data itself secret. Advantageously, the DECO in the illustrative embodiments may be implemented without requiring trusted hardware or server-side modifications.
The DECO can release data from the centralized network services repository, making it accessible to rich applications. To demonstrate the efficacy of DECO, we implemented three applications that were difficult to achieve without DECO: the method includes the steps of using a private financial instrument of an intelligent contract, converting a legacy credential to an anonymous credential, and a verifiable statement to discriminate against prices.
It should be appreciated that these and other references to DECO herein refer to illustrative embodiments and that the particular features, functionality, advantages, and other details of those embodiments should not be construed as limiting in any way. Alternate embodiments may implement additional or alternate techniques for verifying data sources in TLS and other contexts.
As indicated above, TLS is a powerful, widely deployed protocol that allows users to access network data via a confidential, integrity-protected channel. However, TLS has serious limitations: it does not allow a user to prove to a third party that a piece of data she has visited actually came from a particular website. Thus, data usage is typically limited to its point of origin, thereby reducing data portability for users, which is the right to be confirmed by recent legislation (e.g., GDPR).
Specifically, when a user accesses data online via TLS, she cannot export it securely without assistance (and therefore permission) from the current data holder. Thus, large amounts of private data are locked, intentionally or unintentionally, in "deep nets", which are portions of the network that are not publicly accessible.
To better understand the problem, consider the example where Alice wants to prove to Bob that she is 18 years old. Currently, age verification services typically require users to upload IDs and detailed personal information, which raises privacy concerns. But various websites, such as corporate payment records or DMV websites, in principle store and serve verified birth dates. Alice may send a screenshot of her birth date from this site, but this is easily forged. Also, even if the screen shot could prove to be authentic in some way, information (revealing her exact date of birth) would be leaked, not only if she was 18 years old.
The predictive engine was originally proposed to prove the provenance of online data to smart contracts, a step towards exporting TLS-protected data to other systems with provenance and integrity guarantees. However, the existing solutions have serious technical limitations. It works only for obsolete TLS versions and does not provide privacy from the prediction engine (e.g. tlsnottary) or relies on trusted hardware (e.g. Town criser), for which various attacks have recently emerged. Another category of prophetic schemes assume server-side collaboration, entrusting the server to install TLS extensions or change application layer logic. The server-facilitated predictive engine approach suffers from two basic problems. First, it breaks traditional compatibility, resulting in a significant barrier to wider adoption. Furthermore, this solution only provides conditional exportability, since the web server has a unique discretionary right (sole discovery) to determine which data can be exported, and can review export attempts at will. A mechanism that allows a user to export whatever data they may access would enable many applications that are not currently available.
To address the above issues, illustrative embodiments disclosed herein provide an arrangement known as DECO, a decentralized oracle for TLS. Unlike the predictive engine approach, which requires per-site support, DECO is illustratively any site that is source agnostic and supports running standard TLS. Unlike solutions that rely on participation of a website, DECO does not require server-side collaboration. Thus, a single instance of DECO may enable anyone to be a speaker of any website.
DECO enables rich internet data to be accessed by a wide range of applications, including applications that do not have access to the internet, such as smart contracts, for authenticity and privacy assurance. DECO can radically change today's network data dissemination model by providing private data delivery with options to transmit to third parties or to publish. This technical capability highlights potential future legal and regulatory challenges, but also anticipates the creation and delivery of new services that are attractive. Importantly, unlike some alternative methods, DECO does not require trusted hardware.
In some embodiments, at a high level, the prover submits a block of data D and proves to the verifier that D is from the TLS server
Figure GDA0003767487980000091
And optionally submit a statement π about D D . Referring again to the example demonstrating age, state π D May assert that "D is Alice's date of birth and current date-D is at least 18 years".
Informally, DECO implements authenticity-the verifier is only validating that the statement about D is true and D is actually from the TLS server
Figure GDA0003767487980000092
Is only assured when obtained. DECO also provides privacy because the verifier only learns to state π D To the slave
Figure GDA0003767487980000093
Some D obtained holds.
Designing a DECO with the required security and feasible capabilities introduces several important technical challenges while using traditional TLS-compatible primitives. One challenge stems from the fact that TLS produces symmetric encryption and authentication keys that are shared by the client (e.g., the prover in DECO) and the web server. Thus, the client can forge any TLS session data in the sense that the data is signed with a valid authentication key.
To address this challenge, the DECO introduces a novel three-way handshake protocol among the prover, the verifier, and the web server that creates an unforgeable submission by the prover to the verifier of a piece of TLS session data D. The verifier can check that D is truly coming from the TLS server. From the perspective of the prover, three-way handshaking maintains the security of TLS in the presence of a malicious verifier.
After submission to D, the prover proves statements about the submission. While theoretically any statement could be supported, we optimize for the most popular applications possible-only revealing the substring of the response to the verifier. We refer to this statement as selective opening. Fine-grained selective opening allows users to hide sensitive information and reduce the input length of subsequent proofs.
An immature solution would involve expensive verifiable decryption of TLS records using the universal zero knowledge proof of knowledge (ZKP), but the illustrative embodiments herein achieve magnitude-level efficiency improvements by utilizing the TLS record structure. For example, a straightforward implementation of verifiable decryption of TLS records would involve proof of correct execution of a circuit of 1024 AES calls with zero knowledge, whereas by utilizing the MAC-then-encryption (MAC-then-encrypt) structure of CBC-HMAC, the illustrative embodiments herein may achieve the same result with only 3AES calls.
Selective opening allows the prover to only reveal the substring D 'of the server's response D. However, substrings can mean different things depending on the time they occur, and malicious provers can cheat by breaking the sense of a chapter. We therefore need to prove not only that D 'appears in D, but also in the intended context, i.e. D' has contextual integrity with respect to D. (Note that this is different from "context completeness" in privacy theory.)
If the session content is structured and parsable, context integrity attacks can be prevented. Fortunately most network data takes this form (e.g., in JavaScript object notation (JSON) or hypertext markup language (HTML)). A common solution is to parse the entire session and prove that the disclosed part belongs to the necessary branches of the parse tree. However, under certain constraints that are typically met by network data, it is not necessary to parse the entire session. Some embodiments disclosed herein provide a novel two-phase parsing scheme in which the prover pre-processes the session content and only parses the typically much smaller results. We extract from the interpretation of the equivalent of the program as used in programming language theory to build a formal framework on the security of the two-phase parsing scheme. The illustrative embodiments disclosed herein provide several practical implementations for a particular syntax. Our definitions and constructs are generalized to other prophetics as well. For example, it may prevent a common form of content hiding attack.
With respect to implementation and evaluation of the illustrative embodiments, we designed and implemented DECO as a complete end-to-end system. To demonstrate the efficacy of the system, we implemented three applications: 1) maintaining a financial instrument using the confidentiality of the smart contract;
2) converting the legacy credential into an anonymous credential; and 3) verifiable statements against price discrimination.
Our experiments for these applications show that DECO is very effective. For example, for TLS1.2 in the WAN setting, the online time is 2.85s for a three-way handshake and 2.52s for 2PC query execution. For the application described above, it takes about 3s to 13s to produce a zero knowledge proof. More details are provided elsewhere herein.
The DECO as disclosed in connection with illustrative embodiments to be described in detail below advantageously provides a provable secure decentralized orable scheme. In some embodiments, the DECO provides a propheter solution for modern TLS versions that does not require trusted hardware or server-side modifications.
We also describe in detail below a broad category of statements of TLS records that can be effectively certified in zero knowledge using DECO. This statement allows the user to open only the substring of the session data submission. The optimization achieves substantial efficiency improvements over the universal ZKP.
With respect to contextual integrity attacks and mitigation, we identify a new class of contextual integrity attacks that are common to privacy preserving speakers, and we describe our mitigation methods that involve a novel and effective two-phase resolution scheme.
Transport Layer Security (TLS)
We now provide some context to the TLS handshake and recording protocol on which the DECO is built in the illustrative embodiment.
TLS is a series of protocols that provide privacy and data integrity between two communicating applications. Roughly speaking, it consists of two protocols: a handshake protocol that establishes a session using asymmetric cryptography, thereby establishing a shared client and server key for a next protocol; a protocol is recorded in which symmetric cryptography is used to protect the transmitted data with confidentiality and integrity.
In a handshake protocol, the server and client first agree on a set of cryptographic algorithms (also called a set of cryptographic procedures). They then authenticate each other (client authentication optional) and finally securely compute the shared secret to be used for the subsequent recording protocol.
In the illustrative embodiment, DECO utilizes elliptic curve Diffie-Hellman (DH) key exchange (ECDHE) with ephemeral secrets, but this is by way of example and not of limitation.
To transport application layer data (e.g., HTTP messages) in TLS, the recording protocol first segments the application data D into fixed-size plaintext records D ═ D (D) 1 ,…,D n ). Each record is typically padded to multiple blocks (e.g., 128 bits). The recording protocol then optionally compresses the data, applies the MAC, encrypts, and transmits the results. The received data is decrypted, verified, decompressed, reassembled, and then delivered to a higher level protocol. The particular cryptographic operation depends on the negotiated set of cryptographic programs. DECO supports advanced encryption standards in two common modes(AES) cipher: CBC-HMAC and GCM, wherein CBC-HMAC refers to cipher block chaining-hash-based message authentication code, and GCM refers to Galois/counter mode. Additional details regarding these and other aspects of TLS can be found, for example, in t.dierks and e.rescorla, "Transport Layer Security (TLS) protocol version 1.2," RFC 5246, 2008, which is incorporated herein by reference. Likewise, other protocols may be used in other embodiments.
In some embodiments herein, we focus on TLS1.2, and describe later how our technique is generalized to TLS 1.3. Here we briefly note the main difference between these two TLS versions. TLS 1.3 removes the support of traditional non-AEAD ciphers. The handshake flow has also been reconstructed. All handshake messages after ServerHello are now encrypted. Finally, different key derivation functions are used. Additional details can be found in e.recorla's "Transport Layer Security (TLS) protocol version 1.3," RFC 8446, 2018, which is incorporated herein by reference.
Multi-party computing
Considering groups of n parties
Figure GDA0003767487980000121
Each of which holds a number of secrets s i . Secure multi-party computation (MPC) allows it to compute f(s) collectively without leaking any information other than the output of f i ,…,s n ) That is to say that,
Figure GDA0003767487980000122
to s j≠i Nothing is known. The security of the MPC protocol typically considers an adversary who destroys t players and tries to learn the personal information of honest players. A two-way calculation (2PC) refers to the special case where n is 2 and t is 1.
There are two general approaches to the 2PC protocol. The scrambling circuit protocol encodes f as a boolean circuit, which is the most suitable method for bitwise operations (e.g., SHA-256). Other protocols utilize threshold secret sharing and are best suited for arithmetic operations. But in some embodiments the function we compute using 2PC includes both bitwise and arithmetic operations. We split it into two components and use an optimized scrambling circuit protocol for bitwise operations and a secret sharing based MtA protocol for arithmetic operations. Additional details regarding example optimized scrambler circuit protocols used in the illustrative embodiments may be found in "Authenticated scrambling and Efficient malicious security Two-Party computing" (Authenticated scrambling and Efficient malicious security Two-Party computing) "by Xiao Wang, Samuel Ranellucci, and Jonathan Katz in ACM CCS, 2017, which is incorporated herein by reference. Additional details regarding the example secret sharing based MtA protocol used in the illustrative embodiments can be found in "fast multiparty threshold ECDSA with fast trust setup" (ACM CCS, 2018 by Rosario Gennaro and Steven goldfefefder, which is incorporated herein by reference. These are merely examples, and other types of protocols may be used in other embodiments.
We now present the problems addressed by the illustrative embodiments of DECO and presenting a high-level overview of its architecture.
The problem statement: distributed pre-speaking machine
The illustrative embodiments herein provide a protocol for building a "predictive machine" (i.e., an entity that can prove the provenance and nature of online data). Targeting a proof of acceptance
Figure GDA0003767487980000123
Direction verifier
Figure GDA0003767487980000124
Proving that a piece of data came from a particular website
Figure GDA0003767487980000125
And optionally attesting to statements about such data with zero knowledge, thereby keeping the data itself secret. Access to data may be required from
Figure GDA0003767487980000126
And such private informationAll should be from
Figure GDA0003767487980000127
The secret is maintained.
We focus in the illustrative embodiment on the server running TLS, a widely deployed suite of security protocols on the internet. However, TLS alone does not prove data provenance. While TLS uses public key signatures for authentication, it uses symmetric key primitives to protect the integrity and confidentiality of the exchanged messages using a shared session key established at the beginning of each session. Thus, knowing this symmetric key
Figure GDA0003767487980000128
Statements about cryptographically authenticated TLS data cannot be certified to third parties.
The web server itself may assume the role of the predictive engine, for example by signing only the data. However, a server-facilitated predictive engine would not only incur high adoption costs, but also place the user at a disadvantage: the network server may impose any constraints on the predictive capabilities. We are interested in a scheme where anyone can prove the provenance of any data she can access without relying on a single central point of control (e.g., a web server providing the data).
We address these and other attacks in the illustrative embodiments by introducing what we call herein a "decentralized presbyker" that does not rely on trusted hardware or collaboration from a network server. The problem is much more challenging than previous predictors because it hinders solutions that require the server to modify its code or deploy new software or use a forecasted market, while at the same time going beyond these previous approaches by supporting arbitrary assertions of data.
An important application of the illustrative embodiments disclosed herein is in the construction of Authentication Data Feeds (ADFs), i.e., data with provenance and correctness that can be verified, for intelligent contracts. A wide variety of other applications are advantageously supported by the techniques disclosed herein.
In the context of ADFs, because smart contracts cannot participate in the 2PC protocol, they must rely on the predictor node to represent them as a proxy
Figure GDA00037674879800001315
And (4) participating. Thus, in some embodiments, we deploy DECO in a decentralized presidenter network, where a set of independently operating presidenters are available for use by the intelligent contract. It should be noted that a propheter running a DECO is trusted only for integrity and not for privacy. The smart contract may further hedge against integrity failures by querying multiple prediction machines and requiring, for example, most agreements. We emphasize that the privacy of the DECO is preserved even if all the predictive machines are cracked. Thus, DECO enables a user to provide ADFs derived from private data to smart contracts while hiding the private data from the predictive player.
Symbols and definitions
In some embodiments, we use
Figure GDA0003767487980000131
To refer to prover, use
Figure GDA0003767487980000132
To refer to a verifier and use
Figure GDA0003767487980000133
To refer to the TLS server. We use the bold letter (e.g., M) to refer to the vector and M i To refer to the ith element in M.
We use the ideal functionality as illustrated in FIG. 3
Figure GDA0003767487980000134
To model the basic properties of the prediction machine. To is coming to
Figure GDA0003767487980000135
All messages are tagged with a unique session id, denoted sid. Additional or alternative embodiments may be usedPredicting the machine properties.
As indicated in fig. 3, in this embodiment,
Figure GDA0003767487980000136
accept from
Figure GDA0003767487980000137
Secret parameter theta of s (e.g., password), Query template Query, and Query from
Figure GDA0003767487980000138
Statement Stmt. Querying a template for acquisition
Figure GDA0003767487980000139
Secret theta of s And returns a complete query containing the query
Figure GDA00037674879800001310
Specified public parameters. The example Query template would be Query (θ) s ) "GOOG stock price on 1/2020, with API key θ s ". Proving device
Figure GDA00037674879800001311
The query sent to the server may later be proven to be well formed (i.e., built from the template) without revealing the secret. Stating Stmt is
Figure GDA00037674879800001312
It is desirable to evaluate the response of the server. As per the previous example, since the response R is a number, it is stated below that it will be compared to a threshold: stmt (R) ═ R > $1,000.
In that
Figure GDA00037674879800001313
Acknowledging the query template and statement (by sending "good" and θ) s ) After that time, the user can use the device,
Figure GDA00037674879800001314
using construction from templatesFrom a query search
Figure GDA0003767487980000141
The response of (2). We assume a honest server, so R is the real data.
Figure GDA0003767487980000142
Sending Stmt (R) and data source to
Figure GDA0003767487980000143
We are interested in this embodiment in a decentralized oracle that does not require any server-side modifications or collaboration, i.e.,
Figure GDA0003767487980000144
the unmodified TLS protocol is followed. More particularly, the decentralized talker protocol for TLS is a three-way protocol
Figure GDA0003767487980000145
So that 1) Prot is realized
Figure GDA0003767487980000146
And 2)
Figure GDA0003767487980000147
Standard TLS, possibly together with application layer protocols.
In an illustrative embodiment, we consider a static malicious network adversary
Figure GDA0003767487980000148
The parties with the damage can deviate from the protocol at will and move to
Figure GDA0003767487980000149
Revealing its state. As a result of the network-opponent,
Figure GDA00037674879800001410
from
Figure GDA00037674879800001411
The message length is learned, since TLS does not hide the length. Let us assume that
Figure GDA00037674879800001412
And
Figure GDA00037674879800001413
according to the principle of
Figure GDA00037674879800001414
The running application layer protocol selects and agrees on the appropriate queries (e.g., which should be idempotent for most applications) and statements.
For a given query
Figure GDA00037674879800001415
By
Figure GDA00037674879800001416
Refers to the honest response of the server. We require when
Figure GDA00037674879800001417
Or
Figure GDA00037674879800001418
And when damaged, the safety is kept. Functionality
Figure GDA00037674879800001419
The following safety guarantees are reflected:
prover integrity: malicious intent
Figure GDA00037674879800001420
The inability to forge content to come out of the way, she cannot make
Figure GDA00037674879800001421
Accepting invalid queries or incorrectly replying to valid queries. Specifically, if the verifier inputs (Query, Stmt) and outputs
Figure GDA00037674879800001422
Then
Figure GDA00037674879800001423
Must already be in the TLS session
Figure GDA00037674879800001424
Is sent to
Figure GDA00037674879800001425
Thereby receiving a response
Figure GDA00037674879800001426
Such that b is stmt (r).
Malicious verifier integrity
Figure GDA00037674879800001427
Can not make
Figure GDA00037674879800001428
An incorrect response is received. In particular, if
Figure GDA00037674879800001429
Output (Q, R), then R must be server pair
Figure GDA00037674879800001430
Submitted queries
Figure GDA00037674879800001431
The response of (a), i.e.,
Figure GDA00037674879800001432
privacy: malicious intent
Figure GDA00037674879800001443
Learning only public information
Figure GDA00037674879800001433
And evaluation of Stmt (R).
Protocol for scarecrow (Strawman)
We focus in the illustrative embodiment on two widely used representative TLS cryptographic program groups: CBC-HMAC and AES-GCM. Our technique is also generalized to other ciphers (e.g., Chacha20-Poly1305, etc.). We initially use CBC-HMAC to illustrate certain embodiments, and later describe techniques for AES-GCM.
TLS uses a separate key for each direction of communication. Unless explicitly specified, we do not distinguish between the two and use k Enc And k MAC Refers to session keys for both directions.
In presenting an illustrative embodiment of the DECO, we begin with the Rice Rollers protocol and gradually build up as a complete protocol.
To realize
Figure GDA00037674879800001434
In between
Figure GDA00037674879800001435
The protocol of (1) is as follows.
Figure GDA00037674879800001436
Query server
Figure GDA00037674879800001437
And records all messages sent to and received from the server in the server
Figure GDA00037674879800001438
And
Figure GDA00037674879800001439
in (1). Suppose that
Figure GDA00037674879800001440
Figure GDA00037674879800001441
And (k) MAC ,k Enc ) Is a session key.
She then proves with zero knowledge 1) each
Figure GDA00037674879800001442
Decipher as R i ‖σ i A plaintext record and a MAC tag; 2) for R i Per MAC tag σ of i For k MAC Carrying out verification; and 3) b where the required statement evaluates to response (i.e., b ═ stmt (r)). The use of a standard symbol is used,
Figure GDA0003767487980000151
computing
Figure GDA0003767487980000152
Lambda verification (k) MAci ,R i )=1∧Stmt(R)=b}。
She also demonstrated
Figure GDA0003767487980000153
Is well formed into
Figure GDA0003767487980000154
As in the demonstration of p q Are similar to each other, and will
Figure GDA0003767487980000155
Is sent to
Figure GDA0003767487980000156
In that
Figure GDA0003767487980000157
The prover integrity property seems to be maintained under the conditions of true transcription of TLS sessions. Intuitively speaking, the CBC-HMAC ciphertext is bound to the underlying plaintext, therefore
Figure GDA0003767487980000158
May be considered a secure submission of session data. That is, given
Figure GDA0003767487980000159
Can only be opened (i.e., decrypted and MAC checked) for unique messages. Binding property prevention
Figure GDA00037674879800001510
Opening to different messages except for an initial session with a server
Figure GDA00037674879800001511
Unfortunately, this intuition is deficient. The scarecrow protocol failed completely because it was not guaranteed
Figure GDA00037674879800001512
The authenticity of. Proving device
Figure GDA00037674879800001513
Has a session key, and as such she may include
Figure GDA00037674879800001514
Encryption of any of the messages.
Furthermore, zero knowledge proof
Figure GDA00037674879800001515
The construction is required to involve decrypting and hashing the entire transcript, which can be prohibitively expensive. In order to make the protocol feasible, we need to significantly reduce the cost.
General description of DECO
The key failure of the above scarecrow method is
Figure GDA00037674879800001516
The session key is learned before she submits to the session. In an illustrative embodiment of DECO, from
Figure GDA00037674879800001517
Withhold the MAC key until after her submission.
Figure GDA00037674879800001518
And server
Figure GDA00037674879800001519
The TLS session in between must still provide confidentiality and integrity. Furthermore, the protocol must not degrade performance below the requirements of TLS (e.g., trigger timeouts).
FIG. 4 shows an example DECO implementation in an illustrative embodiment that includes a server device, a prover device, and a verifier device. In this embodiment, DECO is implemented as a three-stage protocol. The first stage is the prover therein
Figure GDA00037674879800001520
Verifying device
Figure GDA00037674879800001521
And TLS server
Figure GDA00037674879800001522
Is built in
Figure GDA00037674879800001523
And with
Figure GDA00037674879800001524
A novel three-way handshake protocol with a secret shared session key between. After the handshake is a query execution phase during which,
Figure GDA00037674879800001525
following the standard TLS protocol but from
Figure GDA00037674879800001526
Access the server with the help of (1). In that
Figure GDA00037674879800001527
After submission to the query and the response,
Figure GDA00037674879800001528
revealing her key sharing. Finally, the process is carried out in a batch,
Figure GDA00037674879800001529
statements about the response are certified in a certification generation phase.
A three-way handshake, basically,
Figure GDA00037674879800001530
and
Figure GDA00037674879800001531
collectively acting as a TLS client. With negotiation in the form of secret sharing
Figure GDA00037674879800001532
Is shared with the session key. We emphasize this pair of stages (similar to the rest of DECO)
Figure GDA00037674879800001533
Completely transparent so that no server side modifications are required.
For the CBC-HMAC cryptographic suite, at the end of the three-way handshake,
Figure GDA00037674879800001534
and
Figure GDA00037674879800001535
receive separately
Figure GDA00037674879800001536
And
Figure GDA00037674879800001537
at the same time
Figure GDA00037674879800001538
Receiving
Figure GDA00037674879800001539
As with the standard handshake, the user may choose to,
Figure GDA00037674879800001540
and
Figure GDA00037674879800001541
both obtain an encryption key k Enc
The three-way handshake may make the aforementioned session data submission unforgeable as follows. At the end of the session it is time to complete the session,
Figure GDA00037674879800001542
is first submitted to
Figure GDA00037674879800001543
As previously described, followed by
Figure GDA0003767487980000161
Reveal her share
Figure GDA0003767487980000162
From
Figure GDA0003767487980000163
From the perspective of (1), the three-way handshake protocol ensures that a new MAC key (for each direction) is used for each session, regardless of the impact of a potentially malicious prover, and the key pair
Figure GDA0003767487980000164
Is unknown until she commits. Without knowledge of the MAC key,
Figure GDA0003767487980000165
there is no way to forge or tamper with the session data before it is submitted to it. The non-forgeability of the session data submission in DECO thus reduces the non-forgeability of the MAC scheme used in TLS.
Other sets of cryptographic programs, such as GCM, may be similarly supported. In GCM, a single key (for each direction) is used for both encryption and MAC. The handshake protocol is similarly at
Figure GDA0003767487980000166
And with
Figure GDA0003767487980000167
A secret shared key is used between them. The handshake protocol for GCM is described in more detail elsewhere herein.
Since the session key is shared secretly, as mentioned, so
Figure GDA0003767487980000168
And
Figure GDA0003767487980000169
the interactive protocol is executed to construct a TLS message that encrypts the query.
Figure GDA00037674879800001610
Then sends the message to the client as a standard TLS
Figure GDA00037674879800001611
For CBC-HMAC, it computes the MAC tag of the query, while for GCM, it performs authentication encryption. Note that query pairs
Figure GDA00037674879800001612
Is private and should not leak to
Figure GDA00037674879800001613
Generic 2 PCs will be expensive for larger queries, so we instead introduce a custom 2PC protocol that is more efficient in magnitude level than generic solutions, as described elsewhere herein.
As has been explained previously, it is possible to,
Figure GDA00037674879800001614
upon receiving
Figure GDA00037674879800001615
Prior to submission to session data
Figure GDA00037674879800001616
Making the submission unforgeable. Followed by
Figure GDA00037674879800001617
The integrity of the response may be verified and statements about it may be certified as will now be described.
Proof of production Using an unforgeable submission if
Figure GDA00037674879800001618
Fully open commit
Figure GDA00037674879800001619
(i.e., revealing an encryption key), then
Figure GDA00037674879800001620
Can be easily verified by checking the decrypted MAC
Figure GDA00037674879800001621
The authenticity of.
However, the disclosure is for
Figure GDA00037674879800001622
Will break privacy: which will be disclosed in
Figure GDA00037674879800001623
And
Figure GDA00037674879800001624
all session data exchanged between. In theory, it is possible to use,
Figure GDA00037674879800001625
may instead prove with zero knowledge (i.e., without revealing the encryption key)
Figure GDA00037674879800001626
Any statement above, Stmt. However, the universal zero knowledge proof technique would be prohibitively expensive for many of the inherent options for Stmt.
Change of DECO intoTwo techniques were introduced that support efficient proof of statements for a broad general class, namely the "selective open" technique referred to herein as TLS session transcription. Selective opening involves opening to
Figure GDA00037674879800001627
Revealing substrings or revising (i.e., cutting out) substrings, thereby modifying (i.e., cutting out) substrings
Figure GDA00037674879800001628
Hiding the substring.
FIG. 5 shows a simplified JSON bank statement of a user Bob acting as a prover as an illustrative example. This example will be used to expose selective opening and context integrity attacks. Suppose Bob
Figure GDA00037674879800001629
Want to move to
Figure GDA00037674879800001630
Revealing his checking account balance. Revealing the decryption key for his TLS session would be undesirable: it will also reveal the entire statement, including his transaction. Alternatively, using the techniques disclosed herein, Bob may efficiently disclose only the substrings in lines 5-7. Alternatively, if he does not intend to reveal his savings account balance, he may revise his transaction after line 7.
Two selective open modes (revealing and revising substrings) are useful privacy protection mechanisms. It may also serve as a pre-process for subsequent zero knowledge proofs. For example, Bob may want to prove that he has an account with a balance greater than $1000 without revealing the actual balance. He will then prove with zero knowledge an assertion on the substring containing his checking account balance ("balance > $ 1000").
However, selective opening alone is not sufficient for many applications. This is because the context of the substring affects its meaning. Without what we call context integrity,
Figure GDA0003767487980000171
can cheat and reveal that a mistake is expressed as
Figure GDA0003767487980000172
A declared substring is certified. For example, Bob may not have a balance above $ 1000. However, after viewing his bank statement, he can publish to the customer service in the same TLS session with substring "balance": $5000 messages, and then look at his pending messages (in the form of a reflection attack). He can then reveal this substring to spoof
Figure GDA0003767487980000173
Supply to prover
Figure GDA0003767487980000174
Various sanitization heuristics of input (e.g., truncating session transcription) may potentially prevent some such attacks, but as with other forms of web application input sanitization, it is vulnerable and vulnerable to attack.
Instead, we introduce rigorous techniques by which session data is explicitly but secretly parsed. We refer to this technique as "zero knowledge two-stage parsing". According to the technique of the present invention, it is possible to,
Figure GDA0003767487980000175
resolving locally in a first phase
Figure GDA0003767487980000176
And then with zero knowledge to
Figure GDA0003767487980000177
A statement is proved regarding the constraints on the resulting substring. For example, in our banking example, if the bank-supplied key value store is always escaped with the diacritic λ, then Bob may escape by parsing locally and forwarding to
Figure GDA0003767487980000178
Revealing the substring "balance" preceded by λ: $5000 to prove the correct balance. It can be shown that for the very common class of network API syntax (unique key), this two-stage approach produces far more efficient proofs than the more general-purpose techniques.
Fig. 6 shows a more detailed example implementation of the DECO protocol introduced above. In this embodiment, the DECO protocol includes a three-way handshake phase followed by a 2PC protocol for the query execution phase, and a credential generation phase. Each of these stages will be described in more detail below. It should be understood that the specific details of this embodiment, as well as other embodiments disclosed herein, are presented by way of example only, and should not be construed as limiting in any way. Those skilled in the art will recognize that additional or alternative techniques may be used.
Three-way handshake
In some embodiments, the three-way handshake (3P-HS) is targeted to couple
Figure GDA0003767487980000179
In a completely transparent manner at the prover
Figure GDA00037674879800001710
And verifier
Figure GDA00037674879800001711
Between the server
Figure GDA00037674879800001712
The session key used in the TLS session. We first focus on describing CBC-HMAC, then adapt the protocol to support GCM.
FIG. 7 shows a formal specification of a three-way handshake protocol in an illustrative embodiment.
Fig. 8 shows an example ECtF protocol as part of a three-way handshake protocol in some embodiments.
Again, the specific details of these protocols are merely examples and are not limiting in any way. For example, in other embodiments, a wide variety of other types of three-way handshake protocols involving provers, verifiers, and servers may be used. Thus, the term "three-way handshake protocol" as used herein is intended to be broadly understood.
Like the standard TLS handshake, the 3P-HS comprises two steps: in the first place, the first,
Figure GDA0003767487980000181
and
Figure GDA0003767487980000182
computing a secret shared with a server via a TLS-compliant key exchange protocol
Figure GDA0003767487980000183
Is shared. ECDHE is recommended and focused here, but other techniques can be used for computing sharing; in the second place, the first place is,
Figure GDA0003767487980000184
and
Figure GDA0003767487980000185
the secret shared session key is derived by securely evaluating TLS-PRF with its share of Z as input, where PRF refers to a pseudo-random function. In the following we present a text description and therefore do not require formal specifications for understanding.
Step 1: key exchange hypothesis
Figure GDA0003767487980000186
Refers to the EC group used in ECDHE and G refers to its generator.
Proving device
Figure GDA0003767487980000187
By issuing a regular TLS handshake request with a random nonce r c Is sent to
Figure GDA0003767487980000188
The handshake is initiated (in the ClientHello message). At the slave
Figure GDA0003767487980000189
Receiving the certificate, server nonce r s And signed ephemeral DH public key
Figure GDA00037674879800001810
(in the Server Hello and ServerKeyExchange messages),
Figure GDA00037674879800001811
checks and forwards certificates and signatures to
Figure GDA00037674879800001812
After the same check has been made as for,
Figure GDA00037674879800001813
for secret s V Sampling and applying DH public key Y V =s V G sends her part to
Figure GDA00037674879800001814
Which then deals with another secret s P Sample and combine DH public key Y P =s P ·G+Y V Is sent to
Figure GDA00037674879800001815
Due to the server
Figure GDA00037674879800001816
Run standard TLS, therefore
Figure GDA00037674879800001817
(and
Figure GDA00037674879800001818
) Calculate its share of Z as Z P =s P ·Y S (and Z V =s V ·Y S ) When the temperature of the water is higher than the set temperature,
Figure GDA00037674879800001819
the DH secret will be calculated. It should be noted that Z ═ Z P +Z V Wherein + is
Figure GDA00037674879800001820
The group operation of (1). Given that the discrete logarithm problem in the selected group is difficult, then Z is unknown to either party.
And 2, step: key derivation now
Figure GDA00037674879800001821
And
Figure GDA00037674879800001822
an additive share of Z (in the form of EC points) has been established, which derives the session key by evaluating the TLS-PRF keyed in the x-coordinate of Z.
The technical challenge here is to coordinate arithmetic operations in 2PC (i.e.,
Figure GDA00037674879800001823
add in) and bitwise operation (i.e., TLS-PRF). It is well known that boolean circuits are not well suited for arithmetic in large domains. As a specific estimate, EC-point addition, which only produces x-coordinates, involves 4 subtractions, one modulo inversion and 2 modulo multiplications. The estimation of AND complexity based on a very optimized circuit yields over 900,000 AND gates for subtraction, multiplication AND modular reduction only-even without inversion, which would require running an extended Euclidean algorithm inside the circuit.
Due to the prohibitive cost of adding EC points in boolean circuits,
Figure GDA00037674879800001824
and
Figure GDA00037674879800001825
using the ECtF protocol shown in fig. 8 will be
Figure GDA00037674879800001826
Into which the additive sharing of the EC-points in
Figure GDA00037674879800001827
X coordinate of (2). Then the Boolean circuit is only involved in
Figure GDA00037674879800001828
With two added numbers, this can be done with only-3 | p | AND gates, which are-768 AND gates in our implementation, where p is 256 bits.
ECtF protocol will be used to convert to a shared format using ECtF
Figure GDA00037674879800001829
Sharing conversion in (1)
Figure GDA00037674879800001830
Is shared. The inputs to the ECtF protocol are two EC points
Figure GDA00037674879800001831
Is marked as P i =(x i y i ). Suppose (x) s ,y s )=P 1 ★P 2 Wherein ≧ EC group operation, then the output of the protocol is
Figure GDA00037674879800001832
So that α + β ═ x s . In particular, for the curve we consider, x s2 -x 1 -x 2 Wherein λ ═ y 2 -y 1 )/(x 2 -x 1 ). Y can be calculated similarly s But we omit the computation, since TLS uses only x s
ECtF uses multiply-pair-add (MtA) shared translation protocols as building blocks. We use α, β: operation of MtA between Alice and Bob with inputs α and b, respectively, is denoted MtA (α, b). At the end of the run, Alice and Bob receive α and β, so that a · b ═ α + β. The protocol may be generalized to handle vector inputs without increasing communication complexity. I.e. for vectors
Figure GDA0003767487980000191
If α, β: MtA (α, b), then (α, b) α + β.
We now describe the protocol of ECtF. ECtF has two main components. Let [ alpha ] be]2 of 2 shares referring to α, i.e., [ α]=(α 1 ,α 2 ) So that i has an α for i e {1, 2} i While α is ═ α 12 . The first component is a sharing inversion: given [ alpha ]]Calculating [ alpha ] -1 ]. This can be done as follows: i-square to random value r i Sample and execute MtA to calculate δ 1 ,δ 2 :=MtA((α 1 ,r 1 ),(r 2 ,α 2 )). Note that δ 12 =α 1 ·r 22 ·r 1 . V published by Party i i =δ ii ·r 1 And thus both parties learn v ═ v 1 +v 2 . Finally, the i-side outputs beta i =r i ·v -1 . Protocol calculation of alpha -1 Because of beta 12 =α -1 . Furthermore, the protocol does not leak α to any party that assumes MtA to be secure. In fact, the view of the i-side is represented by (α) 12 )(r 1 +r 1 ) Composition due to r i Are uniformly random and are uniformly random.
The second component is shared multiplication: calculating [ alpha b [ ]]Given [ alpha ]],[b].[αb]The following can be calculated using MtA: the parties perform MtA to calculate alpha 1 ,α 2 So that α is 12 =α 1 ·b 22 ·b 2 . Then, the i-side output mi is equal to alpha ii ·y i . The security and correctness of the protocol may be similarly demonstrated as above.
Having calculated the share of the x coordinate of Z in ECtF (so-called pre-master secret in TLS),
Figure GDA0003767487980000192
and
Figure GDA0003767487980000193
the TLS-PRF in 2PC is evaluated to derive the session key. Using the known SHA-256 circuit, we manually optimized the TLS handshake circuit, resulting in a circuit with a total AND complexity of 779,213.
Adapted to support GCM for GCM a single key (for each direction) is used for both encryption and MAC. Adapting the above protocol to support GCM in TLS1.2 is simple. The first step will remain the same while the output of the second step needs to be truncated because the GCM key is shorter.
TLS 1.3. to support TLS 1.3, 3P-HS protocol must be adapted to the new handshake flow and different key derivation circuits. It is worth noting that all handshake messages after ServerHello are now encrypted. An immature policy would be to decrypt the message in 2PC, which would be expensive because the certificate is usually large. However, due to the key independence nature of TLS 1.3, we can construct a 3P-HS protocol similar to the complexity of TLS1.2, as described elsewhere herein.
Query execution
After handshaking, the prover
Figure GDA0003767487980000194
Inquire her
Figure GDA0003767487980000195
Sent to a server as a standard TLS client
Figure GDA0003767487980000196
But by means of a self-verifier
Figure GDA0003767487980000197
To help of (3). In particular, since the session key is shared secretly, both parties need to interact and execute the 2PC protocol to construct TLS record encryption
Figure GDA0003767487980000198
While a generic 2PC would theoretically be sufficient, it would be expensive for larger queries. We change toA custom 2PC protocol of a more efficient magnitude level is introduced.
We first focus on a round session, where
Figure GDA0003767487980000201
Sending all queries to before receiving any response
Figure GDA0003767487980000202
Most applications of DECO (e.g., provenance of content retrieved via HTTP GET) are round-robin. The DECO is extended to support multiple-loop sessions as described elsewhere herein.
CBC-HMAC
Figure GDA0003767487980000203
And
Figure GDA0003767487980000204
maintaining sharing of MAC keys while
Figure GDA0003767487980000205
The encryption key is saved. To construct TLS record encryption
Figure GDA0003767487980000206
(potential pair)
Figure GDA0003767487980000207
Private), both parties first run the 2PC protocol to compute
Figure GDA0003767487980000208
HMAC tag τ, and then
Figure GDA0003767487980000209
Encrypting locally
Figure GDA00037674879800002010
And send the ciphertext to
Figure GDA00037674879800002011
Let H refer to SHA-256. Remember that HMAC for message m with key k is
Figure GDA00037674879800002012
The terms ipad and opad refer to the respective "inside" and "outside" values utilized in the HMAC algorithm. A direct 2PC implementation would be expensive for larger queries because it would require hashing the entire query in 2PC to compute the internal hash. This is achieved by
Figure GDA00037674879800002013
The computation of the internal hash is done locally (i.e., without 2PC) and is advantageously avoided in the illustrative embodiment. If it is not
Figure GDA00037674879800002014
Is aware of
Figure GDA00037674879800002015
She can compute an internal hash. However, we cannot simply get it out of the way
Figure GDA00037674879800002016
Is fed to
Figure GDA00037674879800002017
As she can then learn k and forge the MAC.
Our optimization utilized Merkle Damgard (Merkle-
Figure GDA00037674879800002018
) And (5) structure. Suppose m 1 And m 2 Two correctly sized blocks. Then H (m) 1 ‖m 2 ) Is calculated as f H (f H (IV,m 1 ),m 2 ) Wherein f is H Refers to the one-way compression function of H, and IV refers to the initial vector.
Fig. 9 shows a post-handshake protocol for CBC-HMAC.
After the three-way handshake, the user may,
Figure GDA00037674879800002019
and
Figure GDA00037674879800002020
performing simple 2PC protocol to compute
Figure GDA00037674879800002021
And to direct it to
Figure GDA00037674879800002022
Disclosed is a method for producing a semiconductor device. In order to compute the internal hash of the message m,
Figure GDA00037674879800002023
using only s 0 The hash of m is computed as IV. Disclosure of s 0 Does not disclose k MAC Because suppose f H Is unidirectional. To compute HMAC (k, m) then involves computing the outer hash in 2PC over the inner hash, which is a much shorter message. Therefore, we can reduce the amount of 2PC computation to a few blocks regardless of query length, compared to up to 256SHA-2 blocks in each record with a generic 2 PC.
AES-GCM for GCM,
Figure GDA00037674879800002024
and
Figure GDA00037674879800002025
to proceed with
Figure GDA00037674879800002026
The authentication of (2) is encrypted. 2PC-AES is simple with optimized circuitry, but computing the label for larger queries is expensive because it involves evaluating a long polynomial in the large domain for each record. Our optimized protocol performs polynomial evaluations locally via pre-calculations, as described in more detail elsewhere herein. Since 2PC-GCM involves not only tag creation but also AES encryption, its odds ratio CBC-HMAC higher computational cost and latency.
Other embodiments disclosed herein utilize an efficient alternative protocol (referred to as a proxy mode protocol) that avoids the post-handshake 2PC protocol altogether under additional trust assumptions.
As illustrated in the full DECO protocol shown in fig. 6, after querying the server and receiving the response,
Figure GDA0003767487980000211
by sending the ciphertext to
Figure GDA0003767487980000212
But is submitted to the session and received
Figure GDA0003767487980000213
Is shared. Followed by
Figure GDA0003767487980000214
The integrity of the response may be verified and statements about it may be certified. FIG. 6 specifies the complete DECO protocol for CBC-HMAC. The DECO protocol for GCM is similar and is described elsewhere herein.
For clarity, we extract the ideal functionality
Figure GDA0003767487980000215
Details of zero knowledge proof of (1). At the slave
Figure GDA0003767487980000216
Upon receipt ("attestation", x, w), where x and w are private and public witnesses, respectively,
Figure GDA0003767487980000217
sending w and the relation pi (x, w) e [0,1} (defined below) to
Figure GDA0003767487980000218
In particular, for CBC-HMAC, x, w, π are defined as follows:
Figure GDA0003767487980000219
and
Figure GDA00037674879800002110
the relationship π (x, w) if and only if (1)
Figure GDA00037674879800002111
(and
Figure GDA00037674879800002112
) Is composed of
Figure GDA00037674879800002131
(and R) at key k Enc ,k MAC The CBC-HMAC ciphertext; (2)
Figure GDA00037674879800002113
and (3) stmt (r) ═ b, 1 is output. Otherwise it outputs 0.
Assuming functionality for secure 2PC and ZKP, it may show Prot as illustrated in FIG. 6 DECO Implementing FIG. 3 securely for malicious adversary UC
Figure GDA00037674879800002114
More particularly, assuming that the discrete recording problem is difficult in the group used in the three-way handshake, and f (the compression function of SHA-256) is a random oracle, Prot DECO Securely implementing UC against static malicious adversaries with aborts
Figure GDA00037674879800002115
In a mixed world
Figure GDA00037674879800002116
The protocol for GCM has a similar flow. The GCM variant of the three-way handshake and query construction protocol is described above.
Figure 10 shows the 2PC protocol for validating tags and decrypting records in the GCM variant. These are also referred to as post-handshake protocols for GCM.
Unlike CBC-HMAC, GCM does not commit: for a given ciphertext encrypted with Key k
Figure GDA00037674879800002117
A person knowing k can efficiently find what to do when passing an integrity check
Figure GDA00037674879800002132
K' ≠ k, which decrypts to a different plaintext. To prevent this attack, we need to
Figure GDA00037674879800002118
In the study of
Figure GDA00037674879800002119
Before submitting to her key share
Figure GDA00037674879800002120
In the certification generation phase, the certification is related to
Figure GDA00037674879800002121
And in addition to the statements of R,
Figure GDA00037674879800002122
there is also a need to prove for decryption
Figure GDA00037674879800002123
And
Figure GDA00037674879800002124
session key pair
Figure GDA00037674879800002125
Is valid. The proof of security of the GCM variant is similar to that of CBC-HMAC.
Proof generation
Memory prover
Figure GDA00037674879800002126
Submission to TLS sessionsIs encrypted by the encryption key
Figure GDA00037674879800002127
And to
Figure GDA00037674879800002128
The plaintext M is proven to satisfy certain properties. Without loss of generality, we assume
Figure GDA00037674879800002129
And M contains only one TLS record and is hereinafter referred to as a ciphertext record and a plaintext record. Multiple recording sessions can be handled by repeating the protocol for each recording.
Only provenance of M proves simple: only the encryption key is disclosed. But this sacrifices privacy. Instead of this, the user can,
Figure GDA00037674879800002130
any statement regarding M may be evidenced using general zero knowledge techniques. But such certification is often expensive.
In the following description, we present statements of two categories optimized for an example application: revealing only responsive substrings while proving provenance ("selective opening"), or further proving that revealed substrings appear in the text of the text
Figure GDA0003767487980000221
In the expected context ("context integrity by two-phase resolution").
Illustrative embodiments implement a technique referred to herein as a "selective open" technique, which allows for
Figure GDA0003767487980000222
The substrings in the plaintext are efficiently revealed or revised. Suppose a plaintext record consists of information block M ═ B 1 ,…,B n ) Composition (details of the blocks are discussed below). Selective open allowing
Figure GDA0003767487980000223
Ith letter proving MInformation block is B i While not revealing the remainder of M; we call this a revealing mode. It can also prove M -i Same as M but with the information blocks removed. We call this a revision mode. Both modes are simple but can be used for feasible privacy objectives. The granularity of selective opening depends on the cryptographic suite of programs, which we now discuss.
CBC-hmac. remember for proof generation,
Figure GDA0003767487980000224
saving encryption and MAC keys k Enc And k MAC Both of which are
Figure GDA0003767487980000225
Having only MAC key k MAC . Our performance analysis assumes a cryptographic suite of programs with SHA-256 and AES-128 that matches our implementation, but the technique is applicable to other parameters. Remember to use MAC followed by encryption: the plaintext record M contains up to 1024 AES data blocks and 3 MAC tag blocks σ, which we refer to as M ═ B (B) 1 ,…B 1024 σ), where σ ═ B (B) 1025 ,B 1026 ,B 1027 ).
Figure GDA0003767487980000226
CBC encryption for M, consisting of the same number of blocks:
Figure GDA0003767487980000227
wherein
Figure GDA0003767487980000228
Revealing TLS records, certificates
Figure GDA0003767487980000229
In not disclosing k Enc The immature way of encrypting M in case of (a) is to prove the correct encryption of each AES block in ZKP. However, this would require up to 1027 AES calls in ZKP, resulting in unfeasible performance.
Using MAC connectionsWith the encryption structure, the same operation can be done using only 3AES calls in ZKP. This illustratively involves proving
Figure GDA00037674879800002210
The last few blocks of (a) encrypt the tag sigma and reveal the plaintext directly. In particular to the way in which the flow of air is controlled,
Figure GDA00037674879800002211
computing
Figure GDA00037674879800002212
And send (M, π) to
Figure GDA00037674879800002218
Then, the
Figure GDA00037674879800002219
Verify pi and check the MAC tag on M (note,
Figure GDA00037674879800002213
knows the MAC key). Its security depends on the collision resistance of the underlying hash function in the HMAC, i.e.,
Figure GDA00037674879800002214
m' ≠ M cannot be found with the same label σ.
A record with a revised chunk is revealed, assuming that the ith chunk contains
Figure GDA00037674879800002215
Sensitive information that is desired to be revised. The direct strategy is to prove B by calculation i- =(B 1 ,…,B i-1 ) And B i+ =(B i1+ ,…,B n ) Is formed by
Figure GDA00037674879800002216
Prefixes and suffixes of encrypted plaintext
Figure GDA00037674879800002217
But this is expensive as it would involve 3AES and 256SHA-256 compression in ZKP.
With the Merkel-Damgard structure of SHA-256, several optimizations are possible. Suppose f refers to the compression function of SHA-256, and s i-1 Is referred to in B i- The state after f is applied. First, if applicable, e.g., at B i Revealing s when containing high entropy data such as API keys i-1 And s i Both, then only 1SHA-256 in ZKP can be used to achieve the above goal. In order to do so, it is proposed that,
Figure GDA0003767487980000231
calculating pi-ZK-PoK { B ═ i :f(s i-1 ,B i )=s i And will be (pi. s) i-1 ,s i ,B i- ,B i+ ) Is sent to
Figure GDA0003767487980000232
Which then 1) by passing from B i- Recalculate it to check s i-1 (ii) a 2) Verifying pi; and 3) by a slave s i And B i+ It is recalculated to check the MAC tag sigma. Suppose B i For high entropy, then since f is unidirectional, s is revealed i-1 And s i Without leakage of B i
On the other hand, if s i-1 And s i Both cannot be moved to
Figure GDA0003767487980000233
Disclose (e.g., as for B) i When a brute force attack is feasible), then we can still make the pass
Figure GDA0003767487980000234
Revisions containing block B i To reduce costs. The cost incurred next is the 256-iSHA-2 hash in ZKP. Additional details are provided elsewhere herein. In general, ZKP costs and record sizes areProportional, TLS slicing operations may also reduce costs by a constant factor.
Revision suffix when revision suffix B is to be revised i+ When the temperature of the water is higher than the set temperature,
Figure GDA0003767487980000235
calculating out
Figure GDA0003767487980000236
Figure GDA0003767487980000237
And s i Is at B i- ‖B i The state after f is applied.
Figure GDA0003767487980000238
Will (pi, B) i- ‖B i 0 is sent to
Figure GDA00037674879800002324
The validator then 1) passes at B i- ‖B i Check s by applying f i-1 And 2) verifying pi. Basically, it safely follows the pre-imaging resistance of f. In addition, since ih ═ f (s, B) i+ ) To
Figure GDA0003767487980000239
Keep secret, so
Figure GDA00037674879800002310
The revised suffix is not learned. The total cost is 3AES and 256-iSHA-2 hashes in ZKP.
The prefix is revised.
Figure GDA00037674879800002311
Calculating two ZKPs 1)
Figure GDA00037674879800002312
Figure GDA00037674879800002313
Figure GDA00037674879800002314
Will (pi) 12 ,s i-1 ,B i ‖B i+ ) Is sent to
Figure GDA00037674879800002315
Verifier 1) uses pi 1 Inspection of i-1 Is correct and f(s) is then calculated i-1 ,B i ‖B i+ ) To obtain an internal hash ih, 2) verify pi using the calculated ih 2 . The cost incurred is 3AES in ZKP and 256-i SHA-2 hashing.
It should be noted that the revision prefix/suffix is only meaningful if the disclosed portion does not contain any private user data. If not, then,
Figure GDA00037674879800002316
it would be necessary to find the smallest substring containing all sensitive blocks and revise the prefix/suffix, similar to above.
GCM, unlike CBC-HMAC, blocks are revealed to be very efficient in GCM. First of all, the first step is to,
Figure GDA00037674879800002317
revealing AES (k, IV) and AES (k,0) with proof of correctness in ZK to allow
Figure GDA00037674879800002318
And verifying the integrity of the ciphertext. Then, in order to reveal the ith block,
Figure GDA00037674879800002319
revealing only the ith counter C with proof of correctness i =AES(k,inc i (IV)) encryption.
Figure GDA00037674879800002320
Ith blocks can be decrypted because
Figure GDA00037674879800002321
Is a public initial vector for a session, and inc i (IV) refers to incrementing IV i times (the exact format of inc is not important). Is composed ofIt is disclosed that the TLS record,
Figure GDA00037674879800002322
the above protocol is repeated for each block. Also, additional details are provided elsewhere herein.
To summarize the above, CBC-HMAC allows efficient selective disclosure at the TLS record level and revision at the block level in the DECO, while GCM allows efficient disclosure at the block level. The selective opening may also serve as a pre-process to reduce the input length for subsequent zero knowledge proofs.
For many applications, a verifier
Figure GDA00037674879800002323
It may be desirable to verify that the disclosed substring occurs in the correct context. We refer to this property as "context integrity". In the following, we present methods for
Figure GDA0003767487980000241
Techniques to specify context and techniques for
Figure GDA0003767487980000242
Techniques to efficiently prove context integrity.
For ease of explanation, our following description initially focuses on the revealing mode, i.e.,
Figure GDA0003767487980000243
expose server pair
Figure GDA0003767487980000244
The substring of the response of (1). The revision mode will be described next.
Our technical assumptions for specifying context are sent to a given server
Figure GDA0003767487980000245
And TLS protected data sent from the server has a pair
Figure GDA0003767487980000246
And
Figure GDA0003767487980000247
both known and well-defined context-free grammars
Figure GDA0003767487980000248
In case of slight abuse of symbols, we assume that
Figure GDA0003767487980000249
Refers to both the grammar and the language in which it is specified. Therefore, the temperature of the molten metal is controlled,
Figure GDA00037674879800002410
is referred to by
Figure GDA00037674879800002411
A string R in a given language. Let us assume that
Figure GDA00037674879800002412
To be specific, i.e. each
Figure GDA00037674879800002413
Having a uniquely associated parse tree T R . JSON and HTML are examples of two widely used languages that meet these requirements and are the focus of us here.
When in use
Figure GDA00037674879800002414
Then present from
Figure GDA00037674879800002415
Some of the substrings R of response R Open by opening When we say that we are passing
Figure GDA00037674879800002416
Expected generation of R in some way Open by opening In the case of (1), R Open and open With context integrityAnd (4) sex. In particular to the way in which the flow of air is controlled,
Figure GDA00037674879800002417
specify a set of locations S in which she can expect to see valid substrings R in R Open and open . In our definition, S is from
Figure GDA00037674879800002418
A set of paths from the root to the internal nodes in the defined parse tree. So S e S, we refer to the non-end sequence of the admissible path. Suppose ρ R To denote T R Root of (2) ((
Figure GDA00037674879800002419
The parse tree for R in (1). We say if T R Having subtrees whose leaves produce (i.e. are concatenated to form) a string R Open and open ) Then character string R Open and open With contextual completeness with respect to (R, S), and presence from ρ R The path S to the root of the tree is S.
Formally, we are based on assertions
Figure GDA00037674879800002420
The context integrity is defined. More particularly, at the time of TLS response
Figure GDA00037674879800002421
Grammar of (2)
Figure GDA00037674879800002422
Substring R of R Open and open In the case of a set of allowable paths S, we apply the context function
Figure GDA00037674879800002423
Defined as a Boolean-type function such that if and only if there is a slave
Figure GDA00037674879800002424
To
Figure GDA00037674879800002425
S ∈ T of S R Of subtrees
Figure GDA00037674879800002426
And is
Figure GDA00037674879800002427
Generation of R Open and open When the temperature of the water is higher than the set temperature,
Figure GDA00037674879800002428
R open and open Is said to be in
Figure GDA00037674879800002429
In the true case there is context integrity with respect to (R, S).
Referring again to the example of fig. 5, consider a JSON string J in accordance with the example. JSON contains the following rules (roughly):
start → object → { Pair }
Pair → "key" → value pair → pair | pair, pair
Key → char value → char | object
In the case of the above-described example,
Figure GDA00037674879800002430
pairing p of pair learning by checking a/c with a key Inspection of Is given as a "balance" pairing with a key in the object ρ Balance of Is of interest. Each of these non-endings is used to parse the tree T J The node in (1). From T J From the root to p Inspection of The path of (c) requires traversal of the form start → object → pair → p Examination of Wherein a pair denotes a sequence of zero or more pairs. S is a group of such sequences and R Open and open For the string "check a/c": { "balance": $2000 }.
In general, R is demonstrated without direct disclosure of R Open and open With the integrity of the context, i.e.,
Figure GDA0003767487980000251
this is due to the calculation
Figure GDA0003767487980000252
It may be desirable to calculate T for potentially longer strings R R . However, we have observed that under certain assumptions that TLS-protected data generally satisfies, this can be achieved by making the TLS-protected data
Figure GDA0003767487980000253
By applying
Figure GDA0003767487980000254
And
Figure GDA0003767487980000255
transforming Trans of agreement and preprocessing R removes much overhead and certifies R Open and open Relative to R '(usually a much shorter string) and S' (composed of
Figure GDA0003767487980000256
A set of allowable paths specified based on S and Trans) has contextual integrity.
Based on this observation, we introduce techniques for efficient computation of R Open and open And certify
Figure GDA0003767487980000257
Figure GDA0003767487980000258
Suppose that
Figure GDA0003767487980000259
And
Figure GDA00037674879800002510
protocol
Figure GDA00037674879800002511
Syntax used by the web server, and transform Trans. Suppose that
Figure GDA00037674879800002512
To be used for all
Figure GDA00037674879800002513
The syntax of (2) string Trans (R). Based on the Trans, the method of the present invention,
Figure GDA00037674879800002514
specifying allowable Path S' and constraining Condition checking function
Figure GDA00037674879800002515
In the first phase of the process,
Figure GDA00037674879800002516
(1) computing a substring R of R by parsing R Open by opening (so that
Figure GDA00037674879800002517
Figure GDA00037674879800002518
) (2) calculating another character string R' ═ trans (R). In the second stage of the process, the first stage,
Figure GDA00037674879800002519
with zero knowledge to
Figure GDA00037674879800002520
Identification (1)
Figure GDA00037674879800002521
And (2)
Figure GDA00037674879800002522
It should be noted that in addition to disclosing parameters
Figure GDA00037674879800002523
S、S′、Trans、
Figure GDA00037674879800002524
In addition, the validator only sees submissions to RAnd finally, R Open and open
This protocol makes zero knowledge calculations significantly cheaper by deferring actual resolution to unverifiable calculations. In other words,
Figure GDA00037674879800002525
and
Figure GDA00037674879800002526
are comparable in calculation
Figure GDA00037674879800002527
Is much more efficient to compute.
We formalize the correctness conditions for two-stage parsing in the operational semantic rules given below. Here, the first and second liquid crystal display panels are,<f,σ>refers to applying the function f on the input σ, and
Figure GDA00037674879800002528
refer to if precondition P is true, then conclusion C is true.
In a given grammar
Figure GDA00037674879800002529
Context function and allowable paths
Figure GDA00037674879800002530
Transform Trans, with context function and tolerable path
Figure GDA00037674879800002531
Sum function
Figure GDA00037674879800002532
Grammar of
Figure GDA00037674879800002533
In the case of (A), we say that if R is satisfied for all of (R, R', R) Open and open ) So that
Figure GDA00037674879800002534
B, n of Boolean typeExercise apparatus
Figure GDA00037674879800002535
With respect to S being correct, the following rule holds:
Figure GDA00037674879800002536
below, we focus on an example syntax suitable for use in a DECO application, and present a specific construction of a two-stage parsing scheme.
A wide class of data formats, such as JSON, have the concept of key value pairs. Thus, it is our focus in some embodiments of DECO.
Key value syntax
Figure GDA0003767487980000261
According to the rule "Pair →Start ofSecret keyIntermediate ofValue ofEnd up"generating a key value pair, whereinStart ofIntermediate (II)Andend ofIs a delimiter. For such grammars, the optimized array can greatly reduce the complexity of the attestation context. We discuss several such optimizations below, with additional details provided elsewhere herein.
For key value syntax
Figure GDA0003767487980000262
Path set S if for
Figure GDA0003767487980000263
Substring R conforming to context integrity Open and open R needs to be keyed with a global unique key K Open and open Resolve to a key value pair, then R Open and open Only the substring of R is needed and correctly resolved as a pair. In particular, Trans (R) outputs a substring R' of R containing the required key, i.e., the form "Start ofKIntermediate (II)Value ofEnd up"and
Figure GDA0003767487980000264
can output R Open and open =R′。
Figure GDA0003767487980000265
Can be regulated by
Figure GDA0003767487980000266
Wherein
Figure GDA0003767487980000267
Is used for
Figure GDA0003767487980000268
Generates the start symbol in the rule. Then (1)
Figure GDA0003767487980000269
Check the substring that R' is R and (2) for
Figure GDA00037674879800002610
Inspection (a)
Figure GDA00037674879800002611
And (b) R Open and open R'. In some applications herein, a globally unique key is generated, for example when selectively opening a response to age.
So far, our description of two-phase parsing assumes that patterns are revealed, where
Figure GDA00037674879800002612
To the direction of
Figure GDA00037674879800002613
Revealing the substring R of R Open by opening And proving R Open and open Relative to the device composed of
Figure GDA00037674879800002614
The specified set of allowable paths has contextual integrity. In the revision mode, the process is similar, but
Figure GDA00037674879800002615
Generation of pairs R using the previously described techniques Open and open Is removing R Open by opening For example, by replacing its location with a dummy character, rather than explicitly revealing R Open by opening
Applications of
The DECO disclosed herein can be used in any predictive machine based application. To illustrate its versatility, we have implemented and evaluated three example applications that take advantage of their various capabilities: 1) a confidential financial instrument implemented by a smart contract; 2) converting the legacy credential into an anonymous credential; and 3) privacy preserving price discrimination reporting.
Financial derivatives are among the most commonly listed intelligent contract applications, and illustrate the need to authenticate data feeds (e.g., stock prices). For example, one popular financial instrument that is easily implemented in smart contracts is a binary option. This is the price P between the two parties for some assets N at a specified future time (e.g., the end of day D) * Whether or not the predetermined target price P (i.e., P) will be equal to or exceeded * P) or more. Intelligent contract calling prophetic machine for implementing this two-value option
Figure GDA00037674879800002616
To determine the result.
In principle, for a binary option in a chain,
Figure GDA00037674879800002617
the base asset N and the target price P may be hidden. It accepts only option details under the chain and reports only the specified result Stmt: ═ P * ≧? The bit of P. This process is called Mixicle.
The limitation of the basic Mixicle construction is that,
Figure GDA00037674879800002618
learn details of the financial instrument itself. Prior to DECO, a prolog service using only Trusted Execution Environment (TEE) may be provided to
Figure GDA00037674879800002619
The query is hidden. We now show how DECO can be found in
Figure GDA00037674879800002620
Binary option execution is supported without learning the details of the financial instrument (i.e., N or P). In this regard it should be noted that ≧ are the assertion direction ≧? Or ≦? May be randomized. In addition, winner and loser identities and payment amounts may be hidden. Additional steps may be taken to hide other metadata, such as accurate settlement time.
In this example application, the option winner comes into play
Figure GDA0003767487980000271
And exert the functions of
Figure GDA0003767487980000272
Of (2) act
Figure GDA0003767487980000273
Signed result Stmt is obtained. We now describe the protocol and its embodiments.
Suppose that
Figure GDA0003767487980000274
A key pair referring to a predictive engine. In this embodiment, the binary option is specified by an asset name N, a threshold price P, and a settlement date D. We pass through the witness r M C of (A) M =com(M,r M ) Refers to the submission of message M.
Fig. 11 illustrates both Alice and Bob executing a confidential binary option. Alice uses DECO to access the stock price API and make
Figure GDA0003767487980000275
Confident that she has won. Examples of requests and responses are shown to the right, and shaded text in this portion of the figure is sensitive information to be revised.
The binary option process illustrated in fig. 11 includes the following steps:
1) setting: alice and Bob agree on a binary option { N, P, D } and create a binary option with an identifier ID SC Intelligent contracts SC. The contract contains
Figure GDA0003767487980000276
Addresses of parties and options for parties with witnesses known to both parties { C N ,C P ,C D And (5) submitting the file. It also agrees with the public parameter theta P (e.g., a URL to retrieve the price of the asset).
2) And (4) settlement: suppose Alice wins the transaction. To ask for pay, she uses DECO to generate a ZKP that matches her location for the current asset price retrieved. Alice and
Figure GDA0003767487980000277
performing a DECO protocol (wherein
Figure GDA0003767487980000278
Acting as a verifier) to obtain a signal from theta P (target URL) retrieve asset prices. We assume that the response contains (N) * ,P * ,D * ). Divide ZKP in DECO to prove origin θ P In addition, Alice also demonstrates the following statement:
ZK-PoK{P,N * ,P * ,D * ,r N ,r P r D :(P≤ * )∧
C N =com(N * ,r N )∧C P =com(P,r P )∧C D =com(D * ,r D )}。
upon successful proof verification, the propheter returns a signed statement ID with the contract,
Figure GDA0003767487980000279
3) paying: alice provides a signed statement S to the contract that verifies the signature and pays the winner.
Alice and Bob need trust
Figure GDA00037674879800002710
Integrity (but not privacy). As explained elsewhere herein, it may further be hedged against integrity failures by using multiple predictors. Decentralizing trust on a predictive machine is a standard and deployed technology. We emphasize that DECO ensures privacy even if all the predictive machines are malicious.
As indicated above, FIG. 11 shows the request and response of the stock price API. User' s
Figure GDA00037674879800002711
It also requires a speech predictor
Figure GDA00037674879800002717
Sufficient portions of the HTTP GET request are revealed to ensure access to the correct API endpoint. The GET request contains several parameters, some of which are revealed similar to API endpoints, and others of which have sensitive details similar to stock names and private API keys.
Figure GDA00037674879800002712
Revising and converting sensitive param using the techniques disclosed herein
Figure GDA00037674879800002713
The remainder is disclosed. API key provisioning prevention
Figure GDA00037674879800002714
Sufficient entropy for learning sensitive param. But without additional attention, cheating
Figure GDA00037674879800002715
The semantics of the GET request can be altered and the cheating hidden by revising additional parameters. In order to ensure that this does not occur,
Figure GDA00037674879800002716
need to prove delimiter'&"and separator" — "do not appear in the revised text.
Suppose that
Figure GDA0003767487980000281
And R refers to response ciphertext and plaintext, respectively. In order to settle the option(s),
Figure GDA0003767487980000282
using the previously described two-phase resolution scheme
Figure GDA0003767487980000283
Proving that R contains evidence that he won the option. In the first phase of the process,
Figure GDA0003767487980000284
resolving R locally and identifying can enable
Figure GDA0003767487980000285
The smallest substring of R that is believed. In the embodiment of FIG. 11, which relates to stock prices, R Price The product is qualified by '05. price' and '1157.7500'. In the second stage of the process, the first stage,
Figure GDA0003767487980000286
demonstrated by ZK (R) Price ,P,r P ) Such that 1) R Price Is composed of
Figure GDA0003767487980000287
The decrypted substring of (a); 2) r Price Beginning at "05. price"; 3) the subsequent character forming a floating point number P * And said P is * More than or equal to P; and 4) com (P, r) P )=C P
Assuming that the key is unique and the key "05.price" is followed by a price, this two-phase parsing is secure, so that the syntax of this response is the key value syntax with the unique key, as described above. In a similar manner to that described above,
Figure GDA0003767487980000288
the certification contained in R matches the submission with the name and date of the stock. In the case of the CBC-HMAC cryptographic suite, the zero knowledge proof circuit involves revising the entire record (408 bytes), computing commitments, and string processing.
HTTP GET requests (and HTML) have special restrictions: the boundary between the key and the value (i.e.,intermediate (II)) And the start of the key-value pair (i.e.,start of) Never a substring of keys or values. This means that in order to revise more than a single consecutive key or value,
Figure GDA0003767487980000289
must be revisedIntermediate (II),Start ofThe character in (c). So we make
Figure GDA00037674879800002810
And (4) checking: (1) r | ═ R' |; and (2)
Figure GDA00037674879800002811
Or R [ i ]]=R′[i](D is a dummy character for in-situ revision). Then it is not necessary to check
Figure GDA00037674879800002812
Legacy to anonymous credentials: user credentials are typically inaccessible outside of the service provider's environment. Some providers provide third party API access via OAuth tokens, but such tokens reveal the user identifier. DECO allows users to save credentials in existing systems (we call "legacy credentials") to anonymously prove statements about them to third parties (verifiers). Thus, in some embodiments, DECO allows a user to convert any network-based legacy credentials into anonymous credentials without server-side support or trusted hardware.
Fig. 12 shows an example of this application, where a student uses a voucher (demographic details) stored on a college website to prove that her/his age is over 18 years. The student may provide this proof of age to any third party, such as the government issuing the driver's credentials or the hospital seeking permission for a medical examination. We implement this example using the AES-GCM cryptographic suite and two-stage parsing with unique key-based optimization.
In the example of fig. 12, the demographic details of the students stored on the university website include names, dates of birth, student IDs, and so forth. The highlighted text contains the student's age. The disclosed schema is used with two-stage parsing. The prover parses 6 to 7 AES blocks containing the date of birth and proves to the verifier that her age is above 18 years old with ZK. Similar to the other examples, this is also a key value syntax with a unique key due to the unique HTML tag that surrounds the birth date. Similar to the binary option application, this example requires additional string processing to parse the date and calculate the age.
Price discrimination means that the same product or service is sold to different buyers at different prices. Ubiquitous consumer tracking enables online shopping and booking sites to employ sophisticated price discrimination, e.g., adjusting prices based on customer zip codes. Price discrimination can result in economic efficiency and is therefore widely tolerated under existing laws.
However, in the united states, FTC prohibits price discrimination if it causes competitive harm, and new privacy-focused laws in europe (e.g., GDPR) refocus on the legitimacy of this practice. Consumers are generally reluctant to undergo price discrimination in any event. Currently, however, there is no trusted way for users to report on-line price discrimination.
Fig. 13 shows an example of such an application, where DECO allows buyers to make verifiable statements about perceived price discrimination by proving that the advertising price of a good is above a threshold, while hiding sensitive information such as name and address. We implement this example using the AES-GCM cipher suite for TLS sessions and reveal 24 AES blocks containing the necessary order details and request URL.
As illustrated in fig. 13, the portion of the order invoice page in HTML on a shopping website (e.g., Amazon) contains personal details, such as the name and address of the buyer. The buyer wants to convince a third party (verifier) of the price charged for a particular product on a particular date. In this example, we use the AES-GCM cipher suite and reveal mode to reveal the necessary text in the upper portion of the order invoice page, while the shaded sensitive text in the lower portion (including shaded buyer name, address and city) is hidden. The number of AES blocks revealed from the response is 20 (due to the longer product name). In addition, 4AES blocks from the request are revealed to prove access to the correct endpoint. Contextual integrity is guaranteed by revealing surrounding unique strings, e.g., the string around the price of an item "< tr > Order Total:" appears only once in the entire response.
Implementation and evaluation
We now describe implementation details and evaluation results of DECO and three applications.
We implement the three-way handshake protocol (3P-HS) and the query execution protocol (2PC-HMAC and 2PC-GCM) for TLS1.2 in approximately 4700 lines of C + + code. We constructed a manually optimized TLS-PRF circuit with a total AND complexity of 779,213. We also use a variant of the known AES circuit. Our embodiment uses reic for the Paillier cryptosystem and EMP toolkit for the malicious security 2PC protocol.
We integrate three-way handshaking and the 2PC-HMAC protocol with the popular TLS implementation, mbedTLS, to build an end-to-end system. The 2PC-GCM can be similarly integrated into TLS with more engineering effort. We evaluated the performance of 2PC-GCM alone. The performance impact of the integration should be negligible. We do not implement the 3P-HS for TLS 1.3, but consider that the performance should be comparable to that for TLS1.2, since the circuit complexity is similar.
We evaluated the performance of DECO in both LAN and WAN settings. Both the prover and verifier run on the c5.2xlarge AWS node with an 8vCPU core and 16GB RAM. We located the two nodes in the same region (but different availability zones) in the LAN setting, but in two different data centers (in ohio and oregon) in the WAN setting. The round-trip time between two nodes in the LAN and WAN is about 1ms and 67ms, respectively, and the bandwidth is about 1 Gbps.
Table 1 below summarizes the run time of the DECO protocol during the TLS session. The mean and standard error of the mean (in brackets) were calculated using 50 samples. The MPC protocol we use relies on offline preprocessing to improve performance. Since the offline phase is input independent and target independent, it can be done before the TLS session. Only the online phase is on the critical path.
Figure GDA0003767487980000301
Table 1: runtime and query execution protocol for 3P-HS. All times are in milliseconds.
As shown in table 1, the DECO protocol is very efficient in LAN settings. It takes 0.37 seconds to complete the three-way handshake. For query execution, 2PC-HMAC is efficient (0.13 s per record) because it only involves one SHA-2 evaluation in 2PC, regardless of record size. 2PC-GCM is generally more expensive and the cost depends on the query length, since it involves 2PC-AES over the entire query. We evaluate its performance with queries in the 256B to 2KB range (see typical size in HTTP GET requests). In a LAN setting, the performance is efficient and comparable to 2 PC-HMAC.
In WAN settings, runtime is dominated by network latency, as MPC involves many rounds of communication. However, performance is still acceptable under the conditions that DECO may only see periodic use for most applications we consider.
We instantiated the zero knowledge proof with the standard proof system in libsnark. We have designed presentation templates that can be efficiently certified, but users of DECO need to adapt them to their specific application. The SNARK compiler enables this adaptation in high-level languages, hiding low-level details from developers. We use xjsnark and its Java class high level language to build statement templates and libsnark compatible circuits.
We chose the basic basis for libsnark as its relatively mature tooling support. The proof produced by libsnark is of constant size and the verification is very efficient, with the downside being a per-circuit trusted setting. With more effort, DECO may be adapted to use, for example, buckettproof, which does not require trusted settings, but has greater certification and verification times.
We measure five performance metrics for each example-prover time (time to generate a proof), verifier time (time to verify a proof), proof size, number of arithmetic constraints in the circuit, and peak memory occupancy during proof generation.
Table 2 below summarizes the results. The mean and its standard error were calculated using 50 samples. By using efficient statement templates and two-stage parsing, DECO achieves very feasible prover performance. Since libsnark is optimized for low authentication overhead, the authenticator time is negligible. The number of constraints (and prover time) for the binary option application is highest due to the extra string parsing routine. We use multiple proofs in each application to reduce peak memory occupancy. For the most complex applications, the memory occupancy is 1.78 GB. Since the libsnark proves to be of constant size 287B, the demonstrated size is shown as a multiple thereof.
Figure GDA0003767487980000311
Table 2: the cost of ZKP is generated and validated in the proof generation stage of the DECO for the application.
DECO end-to-end performance depends on the available TLS cryptographic suite, the size of the private data, and the complexity of the application-specific proof. Here we present the end-to-end performance of the most complex of the three applications we implement (binary options). It takes about 13.77s to complete the protocol, which includes the time it takes to produce an unforgeable submission (0.50s), run the first stage of the two-stage parsing (0.30s), and produce a zero knowledge proof (12.97 s). Calculating these numbers in the LAN settings; in the WAN setting, the MPC protocol is more time consuming (5.37s), pushing the end-to-end time to 18.64 s.
In contrast, Town Crier performs similar applications using TEE within about 0.6s (i.e., about 20 x faster than DECO), but with added trust assumptions. Since DECO may only be used periodically for most applications, its overhead to achieve cryptographic strength security guarantees seems reasonable.
Problems of law and compliance
While the user may have retrieved their data from the website, DECO allows the user to output the data with the integrity certification without their explicit approval or even perception. We now briefly discuss the resulting legal and compliance considerations.
However, it is critical that the DECO user cannot export data with integrity guarantees to third parties in one direction, but relies on the prediction machine acting as a verifier for this purpose. When the DECO keeps the user data private, the predictive engine learns the websites and data types the user visits. Thus, the propheter may enforce appropriate data usage, e.g., deny transactions that may lead to copyright infringement.
Both the user and the predictive speaker have legal responsibility for the data that they access. However, recent case law on Computer Fraud and Abuse Act (CFAA) shows criminal transition from network capture, and federal law adjudication to violation of website's service terms is not itself a criminal act. Users and predictive machines that violate the terms of the web service (e.g., "click wrap") become at risk of civil penalties. It is a site and application specific issue that DECO complies with the terms of service for a given site.
The predictive engine has the incentive to establish itself as a trustworthy entity within intelligent contracts and other ecosystems. We expect that a well-credited predictive engine will provide the user with a menu of the specific confirmations they post and the target web sites they approve, review these options to maximize security and minimize liability, and possibly notify or collaborate with the target server.
Also of importance are legal, performance and compliance implications based on incorrect validation of incorrect (and possibly corrupted) data. However, today's internet services have complex multi-site data dependencies, and therefore these problems are not specific to DECO. The predictive engine service has relied on multiple data sources to help ensure correctness. The predictive-machine service can typically end up producing an infrastructure similar to that of a certificate, including online review and revocation capabilities and different levels of security.
DECO in the illustrative embodiments disclosed herein is a privacy-preserving, decentralized prescaler scheme for modern TLS versions that does not require trusted hardware or server-side modifications. DECO allows a prover to generate an unforgeable submission to a TLS session and efficiently prove statements about the contents of the session. Some embodiments leverage a novel two-phase resolution scheme to mitigate context integrity attacks that are common to privacy preserving speakers. The DECO can release data from the centralized network services repository, making it accessible to rich applications. The utility of DECO is demonstrated herein by a fully functional implementation along with three example applications.
Protocol details of GCM
GCM is an Authenticated Encryption (AEAD) cipher using extra data. For encryption, the GCM cipher takes as input the tuple (k, IV, M, a) secret key, initial vector, plaintext of a plurality of AES blocks and additional data to be included in the integrity protection; which outputs ciphertext C and tag T. Decryption reverses the process. The decryption cipher uses (k, IV, C, a, T) as input and first checks the integrity of the ciphertext by comparing the recalculated tag with T, then outputs the plaintext.
Compute ciphertext in counter mode:
Figure GDA0003767487980000321
wherein inc i Refer to incrementing IV i times (the exact format of inc is not important).
The label (k, IV, C, a) is calculated as follows. In a given vector
Figure GDA0003767487980000322
In the case of (1), the associated GHASH polynomial
Figure GDA0003767487980000323
Is used in
Figure GDA0003767487980000326
The addition and multiplication performed in (A) is limited to
Figure GDA0003767487980000324
Without damagingWithout loss of generality, assume that a and C are properly filled. Let l A And l C Refers to its length. GCM tag is
Figure GDA0003767487980000325
Where h is AES (k, 0).
When using GCM in TLS, each plaintext record D is encrypted as follows. The unique nonce n is selected and the additional data κ is calculated as a concatenation of the sequence number, version and length of D. GCM encryption is invoked to generate a payload record as M | GCM (k, n, D, κ).
Additional details regarding GCM can be found, for example, in Morris J Dworkin, SP 800-38d, "recommendations for block cipher mode of operation: galois/counter mode (GCM) and GMAC (Recommendation for block coordinator modes of operation: Galois/counter mode (GCM) and GMAC) ", Technical Report, 2007, which is incorporated herein by reference.
Query execution
Computing or validating the GCM tag involves evaluating equation (1) above in 2 PC. The challenge is that equation (1) involves arithmetic calculations (e.g.,
Figure GDA0003767487980000331
polynomial evaluation in (e.g.) and binary computation (e.g., AES). Multiplication in large domains in binary circuits is expensive, while in large domains
Figure GDA0003767487980000332
Calculate AES (in GF (2) 8 ) Defined in (b) incurs high overhead. Even though the computation may be separated into two circuits in some way, only the polynomials are evaluated (this is recorded for each record in
Figure GDA0003767487980000333
Where approximately 1,000 multiplications are used) would also be prohibitively expensive.
Our protocol removes the need for polynomial evaluation. The actual 2PC protocol involves only binary operations and can therefore be done in a single circuit. Furthermore, the per record calculation is reduced to only one call of 2 PC-AES.
This is done by calculating { h (in 2PC protocol) { in the preprocessing phase at the beginning of the session i And (c) sharing of the same. The overhead of preprocessing is amortized over the session due to the same h for all records after (amortized). Using { h i The sharing of the stream is carried out,
Figure GDA0003767487980000334
and
Figure GDA0003767487980000335
the polynomial evaluation can be computed locally
Figure GDA0003767487980000336
To share. It also calculates AES (k, IV) in 2PC to get share of Tag (k, IV, C, A). In general, only one call of 2PC-AES is needed to check the label of each record.
It is important that,
Figure GDA0003767487980000337
never respond more than once to the same IV; otherwise
Figure GDA0003767487980000338
H will be learned. In particular, in each response,
Figure GDA0003767487980000339
disclose and present
Figure GDA00037674879800003310
Form of her share
Figure GDA00037674879800003311
Blind linear combination of (1). Importantly, the values are blinded by AES (k, IV) because
Figure GDA00037674879800003312
Is not blindThe linear combination will allow
Figure GDA00037674879800003313
And solving for h. Therefore, if
Figure GDA00037674879800003314
Respond twice to the same IV, then two responses may be added (at
Figure GDA00037674879800003315
Middle) to remove blinding:
Figure GDA00037674879800003316
this follows the temporary value uniqueness requirement of GCM.
Once the tag is properly checked, decryption of the record is simple.
Figure GDA00037674879800003317
And
Figure GDA00037674879800003318
the AES encryption of inc' (IV) with 2PC-AES is simply calculated. The subtlety to be noted is that,
Figure GDA00037674879800003319
it has to be checked that the counter to be encrypted has not previously been used as IV. If not, then,
Figure GDA00037674879800003320
h will be learned to in a manner similar to that outlined above
Figure GDA00037674879800003321
Proof generation
Blocks are disclosed.
Figure GDA00037674879800003322
Want to make
Figure GDA00037674879800003323
Make sure AES Block B i For encrypting records
Figure GDA00037674879800003324
Ith block in (1). The proof strategy is as follows: 1) certifying AES Block B i Encrypt to ciphertext block
Figure GDA0003767487980000341
And 2) certify the tag is correct. It turns out that only 1 AES in ZKP is needed for correct encryption. Without the creation of a radix rehmanniae, it was demonstrated that the correct label elicited 2AES block encryptions in the GHASH polynomial and ZKP of evaluation order 512.
We can pass through the permission
Figure GDA0003767487980000342
To
Figure GDA0003767487980000343
Two encrypted messages AES (k, IV) and AES (k,0) are disclosed to enable much more efficient attestation, allowing
Figure GDA0003767487980000344
The tag is verified (see equation (1)).
Figure GDA0003767487980000345
It is only necessary to prove that the correctness of the encryption in ZK and the key used corresponds to the commit, thus requiring 2AES and 1SHA-2(
Figure GDA0003767487980000346
Submitted to by revealing hashes of the keys
Figure GDA0003767487980000347
). Therefore, the total cost in ZKP is 3AES and 1 SHA-2.
The certification technique is a simple extension from the above.
Figure GDA0003767487980000348
Reveal the entire record rec and prove the correct AES encryption of all AES blocks, resulting inA total of 514AES and 1SHA-2 in ZKP.
TLS records are disclosed, except for blocks, similar to the above,
Figure GDA0003767487980000349
the encryption of all blocks in the record except one block is certified, resulting in a total of 513AES and 1SHA-2 in ZKP.
Protocol extension
Adapted to support TLS 1.3, the 3P-HS protocol must be adapted to the new handshake flow and the different key derivation circuits. It is worth noting that all handshake messages after ServerHello are now encrypted. An immature policy would be to decrypt the message in 2PC, which would be expensive because the certificate is usually large. Due to the key independence nature of TLS 1.3, however,
Figure GDA00037674879800003410
and
Figure GDA00037674879800003411
the handshake encryption key can be securely revealed without affecting the secrecy of the final session key. Handshake integrity is protected because the completed message authenticates the handshake using yet another independent key.
Thus, the optimized 3P-HS functions as follows.
Figure GDA00037674879800003412
And
Figure GDA00037674879800003413
ECDHE was performed as before. It then derives the handshake and application key by executing the 2PC-HKDF, and sends it to
Figure GDA00037674879800003414
Revealing handshake keys to allow
Figure GDA00037674879800003415
The handshake messages are decrypted locally (i.e., without 2 PC). 2PC circuit relates toRoughly 30 calls for SHA-256, totaling about 70k AND gates, is comparable to the call for TLS 1.2. Finally, since CBC-HMAC is not supported by TLS 1.3, DECO can only be used in GCM mode.
For applications that bind responses to queries, for example, when stock quotes are included with quotes, the 2PC query construction protocol may be avoided altogether. Since TLS uses separate keys for each direction of communication, it can be done after handshaking
Figure GDA00037674879800003416
Revealing client-to-server keys such that
Figure GDA00037674879800003417
Can be out of the way of
Figure GDA00037674879800003418
The server is queried in the case of an interaction.
DECO is extensible to support multi-turn sessions, where
Figure GDA00037674879800003419
Further queries are sent depending on the previous response. After each of the rounds, the result is obtained,
Figure GDA00037674879800003420
a similar 2PC protocol is performed as above to validate the MAC tag of the incoming response, since MAC validation and creation are symmetric. However, additional commit is required to prevent
Figure GDA00037674879800003421
MAC authentication is abused to forge the tag.
In TLS, different MAC keys are used for server-to-client and client-to-server communication. In order to support a multi-round session,
Figure GDA0003767487980000351
and
Figure GDA0003767487980000352
run 2PC to verify the label for the former and create a label on the new message for the latter. The previous description herein specifies the protocol used to create (and verify) the MAC tag. We now discuss additional security considerations for multi-turn sessions.
When checking the tag of a server-to-client message, we have to ensure that
Figure GDA0003767487980000353
It is not possible to forge a tag on a message that was not originally from the server. Suppose that
Figure GDA0003767487980000354
It is desired to verify the tag T on the message M. Let us make
Figure GDA0003767487980000355
First submitted to T, then
Figure GDA0003767487980000356
And
Figure GDA0003767487980000357
the 2PC protocol is run to calculate the tag T' on the message M. Require that
Figure GDA0003767487980000358
Open pair
Figure GDA0003767487980000359
And if T ≠ T', then
Figure GDA00037674879800003510
The protocol is aborted. Due to the fact that
Figure GDA00037674879800003511
Does not know the MAC key, so
Figure GDA00037674879800003512
Cannot be computed and submitted on messages not coming from the serverThe label of (1).
When creating a ticket for a client-to-server message,
Figure GDA00037674879800003513
it is ensured that the MAC tag is created on the message with an increased sequence number according to the requirements of TLS. This also prevents maliciousness
Figure GDA00037674879800003514
Two messages with the same sequence number are created because there is no provision for
Figure GDA00037674879800003515
Distinguishing which is sent to the server.
Alternative DECO protocols: as shown in table 1, the HMAC mode of DECO is efficient and the runtime creating and verifying HMAC tags in 2PC is independent of record size. The GCM mode is efficient for small requests with preprocessing, but can be expensive for large records. We now present an efficient alternative to avoid the post-handshake 2PC protocol altogether.
In this alternative, the verifier
Figure GDA00037674879800003516
Acting as a prover
Figure GDA00037674879800003517
And TLS server
Figure GDA00037674879800003518
The proxy between them, that is,
Figure GDA00037674879800003519
by passing
Figure GDA00037674879800003520
Sending a message to
Figure GDA00037674879800003521
Receive messages therefrom. Of the DECO protocolThe modified flow is as follows: after the three-way handshake, the user can,
Figure GDA00037674879800003522
submitted to her key sharing
Figure GDA00037674879800003523
Followed by
Figure GDA00037674879800003524
To the direction of
Figure GDA00037674879800003525
Disclosed is a method for producing a polycarbonate
Figure GDA00037674879800003526
Therefore, the temperature of the molten metal is controlled,
Figure GDA00037674879800003527
now with the whole session key
Figure GDA00037674879800003528
Due to the fact that
Figure GDA00037674879800003529
Continue the session with the server using k, so
Figure GDA00037674879800003530
And recording the proxy service. After the end of the session has been completed,
Figure GDA00037674879800003531
the statements about the recording session are certified as before.
In such embodiments, the three-way handshake provides non-forgeability. Unlike CBC-HMAC, GCM does not commit: given a ciphertext and a label encrypted with key k (C, T0, it can be found that decrypting C into k' ≠ k for different plaintexts when computing the same label, since the GCM MAC is not collision-resistant
Figure GDA00037674879800003532
Submitted to her key sharing before learning the session key.
The security properties and network assumptions associated with the proxy mode protocol will now be described. The verifier integrity and privacy nature is clear because of maliciousness
Figure GDA00037674879800003533
The integrity and privacy of TLS cannot be broken (by assumptions).
However, for prover integrity, we need to assume that the proxy can reliably connect to the whole session
Figure GDA00037674879800003534
First, we assume that the agent can determine that it is actually in conjunction with
Figure GDA00037674879800003535
And (4) connecting. Furthermore, we assume that there is a proxy and
Figure GDA00037674879800003536
cannot be informed of the session key and can therefore modify the content of the session
Figure GDA00037674879800003537
And (5) tampering.
It should be noted that, during a three-way handshake,
Figure GDA00037674879800003538
the identity of the server can be validated by checking the signature of the server on the new nonce (in standard TLS). After the hand is held, however,
Figure GDA00037674879800003539
it must rely on a network layer indicator, such as an IP address. In the practice of the method, the first and second,
Figure GDA0003767487980000361
it is therefore necessary to have the correct, up-to-date DNS record, and
Figure GDA0003767487980000362
the network with the server (e.g., its ISP and backbone network) must be properly assured against traffic injection, e.g., through Border Gateway Protocol (BGP) attacks. In the illustrative embodiment, there is generally no eavesdropping problem.
These assumptions have been covered by other systems in similar proxy settings, as BGP attacks are challenging to install in practice. We can further enhance our protocol to resist traffic interception by distributing the verifier nodes geographically. Further, various known detection techniques may be deployed by the verifier. BGP attacks are typically recorded after the fact, so, when applicable, the application of DECO can be enhanced to support revocation of affected sessions (e.g., when DECO is used to publish credentials in an identity system).
This alternative protocol represents a different performance-security tradeoff. It is efficient because intensive cryptography does not occur after the handshake, but it requires additional assumptions about the network and therefore only bears weaker network adversaries.
Key value syntax and two-stage parsing
We refer to context-free grammar (CFG) as
Figure GDA0003767487980000363
Wherein V is a set of non-end symbols, Σ is a set of end symbols, P: V → (V ∑ U) * Is a set of production or rules and S e V is a start symbol. We use '-' to refer to a set of subtractions and use '-' to refer to a range to define the production rules for a CFG with standard notation. For a string w, the parser determines whether to use w by constructing a parse tree for w
Figure GDA0003767487980000364
The parse tree representation can then be used to extract a sequence of production rules for semantics.
These are syntaxes with the concept of key value pairs. These syntaxes are particularly interesting for DECO, since most API calls and responses are in fact key value syntaxes.
If grammar exists
Figure GDA0003767487980000365
Then
Figure GDA0003767487980000366
By a syntax called key value, so that given any
Figure GDA0003767487980000367
In the case of (a) the (b),
Figure GDA0003767487980000368
and
Figure GDA0003767487980000369
can be defined by the following rules:
s → object
Object → Pair-free string open versus one or more pairs closed
Pair → start key middle value end
Pair → pair of one or more pairs | ")"
Key → char
Value → chars | object
chars→char chars|""
char → unicode-escape | added Chars
Special → Start Special | intermediate Special | end Special
Start of→ escape from the future s Start special
Intermediate (II)→ escape from the future m Intermediate special features
End of→ escape from the future e Finish special
Escape → special | escape |.
In the above, S is a start non-end (meaning
Figure GDA0003767487980000371
Sentence in (b) open and close at non-end distinguishes between the opening and closing of the group by the key value, andstart ofIntermediate ofEnd upTo distinguish between the start of a key value pair, the separation between keys and values, and the special strings for which the pairing ends, respectively.
To remove ambiguity when parsing a special character (i.e., a character having a special meaning when parsing a grammar), special non-end escape is used. For example, in JSON, a key is parsed preceded by a 'space double quotation mark' (") and followed by a double quotation mark. If the key or value expression itself must contain a double quote, it must be preceded by a backslash (\), i.e., a escape. In the above rules, the non-end unambiguous preceding the special character means that it can be resolved into the special character. Thus, forward, we can assume that the generation of key-value pairs is unambiguous. Therefore, if key value syntax
Figure GDA0003767487980000372
The substring R 'of the string R in (b) resolves into a pair, then R' must correspond to a pair in the parse tree for R.
It should be noted that, in the above key value syntax,intermediate (II)No empty strings can be derived, i.e. non-empty strings must be markedIntermediate (II)To allow the key to be parsed from the value. However,start ofAndend upOne may have a null derivation since it only distinguishes the separation between the value in one pair and the key in the next pair. Finally, we should note that in some embodiments, in the two-stage parsing of the key value syntax, we only consider strings R with selective openness Open and open Corresponding to a pair of required allowable paths.
Many key value grammars enforce key uniqueness within a range. For example, in JSON, it may be assumed that the keys are unique within the JSON object, even though there may be duplicate keys across the object. This two-stage parsing of the grammar can be reduced to parse substrings. Specifically, Trans extracts the continuous substring R 'from R so that the range of a pair can be correctly determined even within R'. For example, in JSON, if
Figure GDA0003767487980000373
If and only returns true if R is a prefix of R, then only R is resolved to JSON until a yield R is generated Open and open Is sufficient to determine the character string R Open and open Whether or not to correspond to the correct context in R.
Syntax with unique key at a given key value
Figure GDA0003767487980000374
In this case, we define a function that checks the uniqueness of the key, denoted as
Figure GDA0003767487980000375
In a given character string
Figure GDA0003767487980000376
And another string k, if and only if there is at most one resolvableStart ofkIntermediate (II)When the sub-string of s is used,
Figure GDA0003767487980000377
due to the fact that
Figure GDA0003767487980000378
This means that in any parse tree of s there is at most one branch with node keys and derivation k. Suppose that
Figure GDA0003767487980000379
For inputting at grammar
Figure GDA00037674879800003710
Returns the true function. If for all
Figure GDA00037674879800003711
And all the possible keys k are used,
Figure GDA00037674879800003712
then we say the grammar
Figure GDA00037674879800003713
For a key value syntax with a unique key, i.e., for all strings R, C:
Figure GDA00037674879800003714
specific two-stage parsing for unique key syntax hypothesis
Figure GDA0003767487980000381
Is a unique key syntax as given above. Let us assume that
Figure GDA0003767487980000382
Is LL (1). This is the case for example for the syntax of interest described previously. The generic LL (1) parsing algorithm is known.
We target a set of T pairs context functions
Figure GDA0003767487980000383
Is instantiated such that T is contained in
Figure GDA0003767487980000384
The allowable path of the pairing of the character strings in (1). We furthermore allow
Figure GDA0003767487980000385
Taking as input an auxiliary limit, said auxiliary limit being the key k: (
Figure GDA0003767487980000386
Output R of Open and open The specified key in (1). The tuple (T, k) is denoted S and
Figure GDA0003767487980000387
suppose that
Figure GDA0003767487980000388
Is rule by
Figure GDA0003767487980000389
Wherein the pair is for
Figure GDA00037674879800003810
Is not at the end of the generation rule, and
Figure GDA00037674879800003811
is composed of
Figure GDA00037674879800003812
The start symbol in (1). We will want to
Figure GDA00037674879800003813
Defined as a function that determines whether a string s is present
Figure GDA00037674879800003814
And if so, whether the key in s is equal to k. At input R, R Open and open In the above-mentioned manner,
Figure GDA00037674879800003815
(a) by running
Figure GDA00037674879800003816
Examination of R Open and open Checking R for a valid key-value pair (b) with key k by running LL (1) parsing algorithm to parse R Open and open Resolve to a key value pair in R.
FIG. 14 shows a function for
Figure GDA00037674879800003817
In a key value syntax
Figure GDA00037674879800003818
In parsing a string R and searching for a specific key value pair R Open and open The generated example pseudo code. Will be used herein as
Figure GDA00037674879800003819
LL (1)) PTable hard-decoding of analysis table
Figure GDA00037674879800003820
To make pairs on a long character string R
Figure GDA00037674879800003821
In order to extract the substring R ' of R, we introduce a transformation Trans such that R ' is R ' on demand Open by opening
For the string s, t, we also define a function substring (s, t) that returns true in the case of a substring where t is s, and an equality (s, t) that returns true in the case of s-t. We define with rules
Figure GDA00037674879800003822
Figure GDA00037674879800003823
And
Figure GDA00037674879800003824
meaning that, each time equal (R', R) Open and open ) Time-piece
Figure GDA00037674879800003825
And rule
Figure GDA00037674879800003826
For all character strings R', S Open by opening Is true.
It can be shown that the display device can display,
Figure GDA00037674879800003827
is true with respect to R. More particularly, if R' is a substring of R, then the key value pair R Open and open By
Figure GDA00037674879800003828
Resolution, then the same pair is defined as
Figure GDA00037674879800003829
The substring of (2). Due to the fact that
Figure GDA00037674879800003830
Of the key of (1), there being only one such pairing R Open by opening And is
Figure GDA00037674879800003831
Must be true.
The additional protocol details above, similar to those described elsewhere herein, are presented merely as illustrative examples and are not intended to be limiting in any way. Other embodiments may utilize alternative protocol arrangements to implement decentralized oracle machines as disclosed herein.
As indicated above, illustrative embodiments of a decentralized prophetic machine as disclosed herein may be implemented in a wide variety of different applications.
For example, DECO can be used to implement a personal data market, where users control and sell their personal data. It is well known that web services benefit from monetizing user data. A personal data marketplace implemented using the techniques disclosed herein may corrupt this data by enabling users to sell their data in an open marketplace. In the illustrative embodiment, DECO is a key enabler for the personal data market, as DECO enables buyers to verify the source and integrity of data from websites. DECO also allows sellers to pre-process data, such as revision sensitive information, for privacy protection while preventing seller cheating. Some embodiments utilize DECO to provide verifiable statements for price discrimination.
As another example, DECO may be used to provide proof of financial reimbursement capabilities. As a more specific illustration of this type of arrangement, using DECO, Alice can prove to Bob that her balance at a particular bank exceeds $ 5000. This simple proof shows not only Alice's financial reimbursement capability, but also her ability to open an account (e.g., Alice is not on any sanctioning list while the bank is screening for anti-money laundering (AML)). Importantly, DECO protects her privacy by only revealing Alice's balance above $5,000, not her actual balance or identity.
As another example, DECO may be used to provide proof of account ownership. In one illustration of such an arrangement, ownership of an account (e.g., an email account, social media account, etc.) may be anonymously attested using DECO. For example, Alice may prove to Bob that she owns an email account ending with @ example. This demonstrates the Alice's contact with an organization, which is useful for, e.g., reporting, anonymous complaints, etc.
Additional examples of applications of a decentralized oracle as disclosed herein include credential recovery and decentralized identity. As an illustration of the former, DECO may enable a user to prove that she has access to a particular network resource, such as a Facebook account, in a privacy-preserving manner that avoids the use of OAUTH. This may enable a user to prove her identity with an existing service for key recovery, for example. As an illustration of the latter, DECO may also enable a user to prove in a privacy-preserving manner that she has certain features certified by a third-party provider (e.g., she is 18 years old). This is an example of what is also referred to herein as anonymous age attestation. Such proof can be used to construct credentials in a decentralized identity system.
The aforementioned decentralized prophetic application is merely an example and should not be construed as limiting in any way. Additional details regarding the implementation of these and other example applications of the decentralized propheter as disclosed herein may be found elsewhere herein.
Assume that communications between various elements of an information processing system configured to implement one or more decentralized oracle as disclosed herein are conducted via one or more networks. A given such network may illustratively include, for example: a global computer network, such as the Internet, WAN, LAN, satellite network, telephone or cable television network; cellular networks, such as 3G, 4G or 5G networks; wireless networks implemented using wireless protocols such as bluetooth, WiFi, or WiMAX, or various portions or combinations of these and other types of communication networks.
A given processing device implementing at least a portion of the functionality of a decentralized oracle as disclosed herein may include components such as a processor, memory, and a network interface. The processor is assumed to be operatively coupled to the memory and to the network interface. The memory stores software program code for execution by the processor in implementing portions of the functionality of the processing device.
It should be understood that the particular arrangements shown and described herein in connection with fig. 1-14 are presented as illustrative examples only, and that numerous alternative embodiments are possible. The various embodiments disclosed herein are therefore not to be construed as limiting in any way. In other embodiments, numerous alternative arrangements for implementing a decentralized oracle may be utilized. For example, those skilled in the art will recognize that alternative processing operations and associated system entity configurations may be used in other embodiments. It is thus possible that other embodiments may include additional or alternative system entities with respect to the entities of the illustrative embodiments. Moreover, in other embodiments, the particular system and device configurations and associated decentralized oracle may vary.
It should also be noted that the information handling system arrangement described above is merely exemplary, and that alternative system arrangements may be used in other embodiments.
A given client, server, processor, or other component in an information handling system as described herein is illustratively configured to utilize a corresponding processing device that includes a processor coupled to a memory. The processor executes software program code stored in the memory to control the performance of processing operations and other functionality. The processing device also includes a network interface that supports communication via one or more networks.
The processor may include, for example, a microprocessor, ASIC, FPGA, CPU, GPU, ALU, DSP, or other similar processing device component, as well as other types and arrangements of processing circuitry, in any combination. For example, at least a portion of the functionality of a decentralized oracle provided by a given processing device as disclosed herein may be implemented using such circuitry.
The memory stores software program code for execution by the processor in implementing portions of the functionality of the processing device. A given such memory, which stores such program code for execution by a corresponding processor, is an example of what is more generally referred to herein as a processor-readable storage medium having program code embodied therein, and may comprise, for example, electronic memory, such as SRAM, DRAM, or other types of RAM, ROM, flash memory, magnetic memory, optical memory, or other types of storage devices, in any combination.
Articles of manufacture that include such processor-readable storage media are considered embodiments of the invention. The term "article of manufacture" as used herein should be understood to not include a transitory propagating signal.
In other embodiments, other types of computer program products comprising a processor-readable storage medium may be implemented.
Additionally, embodiments of the invention may be implemented in the form of an integrated circuit that includes processing circuitry configured to implement processing operations associated with the decentralized oracle and other related functionality.
The processing devices in a given embodiment may include, for example, a laptop computer, a tablet computer or a desktop personal computer, a mobile phone, or other type of computer or communication device, in any combination. For example, a computer or mobile phone may be used as a processing device for implementing at least part of the functionality associated with a decentralized prognostics as disclosed herein. These and other communications between various elements of an information handling system, including processing devices associated with respective system entities, may occur via one or more networks.
An information handling system as disclosed herein may be implemented using one or more processing platforms, or portions thereof.
For example, one illustrative embodiment of a processing platform that may be used to implement at least a portion of an information handling system includes a cloud infrastructure that includes virtual machines implemented using a hypervisor running on a physical infrastructure. Such virtual machines may include respective processing devices that communicate with each other via one or more networks.
In such embodiments, the cloud infrastructure may further comprise one or more sets of applications running on respective ones of the virtual machines under control of the hypervisor. It is also possible to use multiple hypervisors, each providing a set of virtual machines that use at least one underlying physical machine. Different sets of virtual machines provided by one or more hypervisors may be utilized in configuring multiple instances of various components of an information handling system.
Another illustrative embodiment of a processing platform that may be used to implement at least a portion of an information handling system as disclosed herein comprises a plurality of processing devices in communication with each other via at least one network. Assume that each processing device of the processing platform includes a processor coupled to a memory.
Again, these particular processing platforms are presented by way of example only, and the information handling system may include additional or alternative processing platforms, as well as numerous different processing platforms in any combination, where each such platform includes one or more computers, servers, storage devices, or other processing devices.
For example, other processing platforms for implementing embodiments of the invention may include different types of virtualization infrastructure in place of or in addition to virtualization infrastructure that includes virtual machines. Thus, in some embodiments, it is possible that the system components may run at least partially in a cloud infrastructure or other type of virtualization infrastructure, including virtualization infrastructure utilizing a Docker container or other type of Linux container implemented using operating system level virtualization based on a Linux control group or other similar mechanism.
Thus, it should be understood that in other embodiments, different arrangements of additional or alternative elements may be used. At least a subset of these elements may be implemented collectively on a common processing platform, or each such element may be implemented on a separate processing platform.
In addition, many other arrangements of computers, servers, storage devices, or other components in an information handling system are possible. Such components may communicate with other elements of the information handling system via any type of network or other communication medium.
As indicated previously, the components of the system as disclosed herein may be implemented at least in part in the form of one or more software programs stored in a memory and executed by a processor of a processing device. For example, certain functionality associated with related components of a decentralized oracle entity or system may be implemented at least in part in the form of software.
The particular configuration of information handling systems described herein is merely exemplary, and given such systems may in other embodiments include other elements in addition to or instead of the elements specifically shown, including one or more elements of the type commonly found in conventional implementations of such systems.
For example, in some embodiments, an information handling system may be configured to utilize the disclosed techniques to provide additional or alternative functionality in other contexts.
Thus, the techniques described in the context of providing a decentralized oracle for TLS in some embodiments herein may be adapted in a straightforward manner for use in other contexts. Thus, the illustrative embodiments of the present invention should not be considered limited to TLS or its associated processing context.
It should also be understood that the particular process steps used in the embodiments described herein are merely exemplary, and other embodiments may utilize different types and arrangements of processing operations. For example, certain process steps shown as occurring in succession in an illustrative embodiment may, in other embodiments, occur at least partially in parallel with one another.
It should be emphasized again that the embodiments of the present invention as described herein are intended to be illustrative only. Other embodiments of the invention may be implemented using information handling systems, networks, and devices of a different type and arrangement than those used in the particular illustrative embodiments described herein and in numerous alternative processing contexts. In addition, certain assumptions made herein in the context of describing certain embodiments need not apply in other embodiments. These and numerous other alternative embodiments will be readily apparent to those skilled in the art.

Claims (25)

1. An apparatus, comprising:
a verifier device comprising a processor coupled to a memory;
the verifier device is configured to communicate with a client device and a server device via one or more networks;
wherein the verifier device is further configured to:
participating in a three-way handshake protocol with the client device and the server device, wherein the authenticator device and the client device obtain respective shares of a session key for a secure session with the server device;
receiving, from the client device, a submission related to the secure session of the server device;
in response to receiving the submission, releasing additional information related to the secure session previously inaccessible to the client device; and
verifying a correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session based at least in part on the submission and the additional information.
2. The apparatus of claim 1, wherein the verifier device is further configured to initiate one or more automated actions in response to the verification of the correctness of the at least one representation of the data obtained by the client device from the server device.
3. The apparatus of claim 1, wherein the verifier device comprises a particular oracle machine node of a set of oracle machine nodes of a decentralized oracle system.
4. The apparatus of claim 1, wherein the verifier device comprises a distributed verifier device, wherein functionality of the verifier device is distributed across a plurality of distinct processing devices.
5. The apparatus of claim 1, wherein the server device comprises a server device having a Transport Layer Security (TLS) function and the secure session comprises a TLS session.
6. The apparatus of claim 1, wherein the submission relating to the secure session comprises a submission of query response data obtained by the client device from the server device as part of the secure session.
7. The apparatus of claim 1, wherein the submission relating to the secure session comprises a submission of a prover key established by the client device in conjunction with the three-way handshake protocol but previously inaccessible by the authenticator device.
8. The apparatus of claim 1, wherein the additional information released to the client device in response to receiving the submission comprises an authenticator key established by the authenticator device in conjunction with the three-way handshake protocol but previously inaccessible by the client device.
9. The apparatus of claim 1, wherein the verifier device is further configured to operate as a proxy for the client device in conjunction with an interaction between the client device and the server device, such that the verifier device automatically obtains, as part of the secure session, a ciphertext exchanged between the client device and the server device via the verifier device operating as the proxy.
10. The apparatus of claim 1, wherein the authenticator device is further configured to receive, from the client device, one or more statements characterizing the data obtained by the client device from the server device as part of the secure session.
11. The apparatus of claim 10, wherein a given one of the one or more statements comprises a selectively revealed substring of query response data obtained by the client device from the server device as part of the secure session.
12. The apparatus of claim 10, wherein a given one of the one or more statements is configured to provide contextual integrity by utilizing a multi-phase resolution protocol in which query response data obtained by the client device from the server device as part of the secure session is pre-processed by the client device to produce reduced data that is subsequently resolved by the client device in connection with production of the given statement to be sent by the client device to the verifier device.
13. The apparatus of claim 1, wherein in conjunction with the three-way handshake protocol, the client device and the authenticator device jointly establish one or more shared session keys with the server device, wherein the client device has a first share of a given one of the one or more shared session keys, the authenticator device has a second share of the given shared session key, and the server device has a composite session key that combines the first share and the second share.
14. The apparatus of claim 1, wherein in conjunction with the three-way handshake protocol, the client device receives an encryption key from the server device that is not accessible by the verifier device.
15. The apparatus of claim 1, wherein the authenticator device and the client device cooperate using their respective shares of the session key for the secure session with the server device to generate a query provided by the client device to the server device to request the server device to send the data to the client device.
16. The apparatus of claim 15, wherein the authenticator device and the client device cooperate using their respective shares of the session key of the secure session with the server device to authenticate a response provided by the server device to the client device in response to the query.
17. The apparatus of claim 1, wherein in conjunction with the three-way handshake protocol, the client device and the verifier device establish respective prover and verifier keys.
18. The apparatus of claim 17, wherein verifying correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session comprises verifying attestation provided by a client device to the verifier device, wherein the attestation is generated by the client device based at least in part on: (i) the authenticator key established by the client device in conjunction with the three-way handshake protocol; (ii) the verifier key established by the verifier device in conjunction with the three-way handshake protocol; and (iii) secret information of the client device.
19. The apparatus of claim 1, wherein verifying correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session comprises:
obtaining data derived from at least a portion of at least one ciphertext of the secure session; and
verifying, by the client device, correctness of at least one characterization of the data.
20. A method by a verifier device configured to communicate with a client device and a server device over one or more networks, the method comprising:
participating in a three-way handshake protocol with the client device and the server device, wherein the verifier device and the client device obtain respective shares of a session key for a secure session with the server device;
receiving, from the client device, a submission related to the secure session of the server device;
in response to receiving the submission, releasing additional information related to the secure session that was previously inaccessible to the client device; and
verifying correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session based at least in part on the submission and the additional information;
wherein the verifier device performing the method comprises a processor coupled to a memory.
21. The method of claim 20, wherein verifying correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session comprises:
obtaining data derived from at least a portion of at least one ciphertext of the secure session; and
verifying, by the client device, correctness of at least one characterization of the data.
22. The method of claim 20, wherein the verifier device is further configured to operate as a proxy for the client device in conjunction with an interaction between the client device and the server device, such that the verifier device automatically obtains, via the verifier device operating as the proxy, a ciphertext exchanged between the client device and the server device as part of the secure session.
23. A computer program product comprising a non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code, when executed by a verifier device configured to communicate with a client device and a server device over one or more networks, causes the verifier device to:
participating in a three-way handshake protocol with the client device and the server device, wherein the authenticator device and the client device obtain respective shares of a session key for a secure session with the server device;
receiving, from the client device, a submission related to the secure session of the server device;
in response to receiving the submission, releasing additional information related to the secure session that was previously inaccessible to the client device; and
verifying a correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session based at least in part on the submission and the additional information.
24. The computer program product of claim 23, wherein verifying correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session comprises:
obtaining data derived from at least a portion of at least one ciphertext of the secure session; and
verifying, by the client device, correctness of at least one characterization of the data.
25. The computer program product of claim 23, wherein the verifier device is further configured to operate as a proxy for the client device in conjunction with an interaction between the client device and the server device such that the verifier device automatically obtains, via the verifier device operating as the proxy, a ciphertext exchanged between the client device and the server device as part of the secure session.
CN202080073715.3A 2019-08-30 2020-08-28 Decentralized techniques for authenticating data in transport layer security and other contexts Pending CN114946152A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201962894052P 2019-08-30 2019-08-30
US62/894,052 2019-08-30
PCT/US2020/048344 WO2021041771A1 (en) 2019-08-30 2020-08-28 Decentralized techniques for verification of data in transport layer security and other contexts

Publications (1)

Publication Number Publication Date
CN114946152A true CN114946152A (en) 2022-08-26

Family

ID=74686039

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080073715.3A Pending CN114946152A (en) 2019-08-30 2020-08-28 Decentralized techniques for authenticating data in transport layer security and other contexts

Country Status (7)

Country Link
US (1) US11997107B2 (en)
EP (1) EP4022840A4 (en)
JP (1) JP2022546470A (en)
KR (1) KR20220069020A (en)
CN (1) CN114946152A (en)
AU (1) AU2020336124A1 (en)
WO (1) WO2021041771A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
IL279405B2 (en) * 2020-12-13 2024-01-01 Google Llc Using secure multi-party computation to improve content selection process integrity
EP4054116A1 (en) * 2021-03-05 2022-09-07 Siemens Aktiengesellschaft Ecosystem exchanging information about esg data of a product related entity
JP2022158677A (en) * 2021-04-02 2022-10-17 株式会社野村総合研究所 Device and system for zero-knowledge proof to be performed by multi-party computation
CN114154990B (en) * 2021-12-08 2022-09-20 北京汇收钱科技股份有限公司 Big data anti-attack method based on online payment and storage medium
KR102429325B1 (en) * 2022-05-02 2022-08-04 에스엠테크놀러지(주) Parallel type certificate verification system and operation method
US11526622B1 (en) 2022-07-01 2022-12-13 Space and Time, LLC Methods for verifying database query results and devices thereof
CN115622686B (en) * 2022-12-19 2023-03-21 豪符密码检测技术(成都)有限责任公司 Detection method for safe multi-party calculation

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5784463A (en) * 1996-12-04 1998-07-21 V-One Corporation Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method
US7962413B2 (en) * 1998-08-13 2011-06-14 International Business Machines Corporation End-user system of preventing unauthorized rerecording of multimedia content
US7197639B1 (en) * 1999-02-05 2007-03-27 Rsa Security Inc. Cryptographic countermeasures against connection depletion attacks
US6976090B2 (en) 2000-04-20 2005-12-13 Actona Technologies Ltd. Differentiated content and application delivery via internet
WO2006119184A2 (en) * 2005-05-04 2006-11-09 Tricipher, Inc. Protecting one-time-passwords against man-in-the-middle attacks
US8214635B2 (en) * 2006-11-28 2012-07-03 Cisco Technology, Inc. Transparent proxy of encrypted sessions
WO2008137939A2 (en) * 2007-05-07 2008-11-13 Archivas, Inc. Method for data privacy in a fixed content distributed data storage
FR2992509B1 (en) * 2012-06-21 2017-05-26 Commissariat Energie Atomique DEVICE AND METHOD FOR GENERATING A SESSION KEY
KR101801567B1 (en) 2013-12-19 2017-11-27 인텔 코포레이션 Policy-based trusted inspection of rights managed content
US20150288667A1 (en) * 2014-04-08 2015-10-08 Samsung Electronics Co., Ltd. Apparatus for sharing a session key between devices and method thereof
US10447696B2 (en) * 2014-05-16 2019-10-15 Nec Corporation Method for proving retrievability of information
US9584517B1 (en) 2014-09-03 2017-02-28 Amazon Technologies, Inc. Transforms within secure execution environments
US10567434B1 (en) * 2014-09-10 2020-02-18 Amazon Technologies, Inc. Communication channel security enhancements
US10425234B2 (en) * 2015-08-27 2019-09-24 Cavium, Llc Systems and methods for perfect forward secrecy (PFS) traffic monitoring via a hardware security module
US10425386B2 (en) 2016-05-11 2019-09-24 Oracle International Corporation Policy enforcement point for a multi-tenant identity and data security management cloud service
US10574692B2 (en) * 2016-05-30 2020-02-25 Christopher Nathan Tyrwhitt Drake Mutual authentication security system with detection and mitigation of active man-in-the-middle browser attacks, phishing, and malware and other security improvements
US11829998B2 (en) 2016-06-07 2023-11-28 Cornell University Authenticated data feed for blockchains
US11165862B2 (en) * 2017-10-24 2021-11-02 0Chain, LLC Systems and methods of blockchain platform for distributed applications
US10659228B2 (en) * 2018-06-28 2020-05-19 Nxp B.V. Method for establishing a secure communication session in a communications system
US11270403B2 (en) * 2018-07-30 2022-03-08 Hewlett Packard Enterprise Development Lp Systems and methods of obtaining verifiable image of entity by embedding secured representation of entity's distributed ledger address in image
US11070363B1 (en) * 2018-12-21 2021-07-20 Mcafee, Llc Sharing cryptographic session keys among a cluster of network security platforms monitoring network traffic flows

Also Published As

Publication number Publication date
JP2022546470A (en) 2022-11-04
KR20220069020A (en) 2022-05-26
EP4022840A4 (en) 2023-09-20
AU2020336124A1 (en) 2022-04-07
US20220377084A1 (en) 2022-11-24
EP4022840A1 (en) 2022-07-06
WO2021041771A1 (en) 2021-03-04
US11997107B2 (en) 2024-05-28

Similar Documents

Publication Publication Date Title
Zhang et al. Deco: Liberating web data using decentralized oracles for tls
EP3673435B1 (en) Improving integrity of communications between blockchain networks and external data sources
US20220318907A1 (en) Systems and methods for generating secure, encrypted communications across distributed computer networks for authorizing use of cryptography-based digital repositories in order to perform blockchain operations in decentralized applications
CN109922077B (en) Identity authentication method and system based on block chain
US11997107B2 (en) Decentralized techniques for verification of data in transport layer security and other contexts
US8010795B2 (en) Secure information transfer using dedicated public key pairs
WO2017045552A1 (en) Method and device for loading digital certificate in ssl or tls communication
Velliangiri et al. An efficient lightweight privacy-preserving mechanism for industry 4.0 based on elliptic curve cryptography
Zhou et al. Leveraging zero knowledge proofs for blockchain-based identity sharing: A survey of advancements, challenges and opportunities
Bojjagani et al. A secure end‐to‐end SMS‐based mobile banking protocol
Chen et al. Data privacy in trigger-action systems
Tan et al. Challenges of post-quantum digital signing in real-world applications: A survey
US20080127314A1 (en) Identity management facilitating minimum disclosure of user data
KR20120091618A (en) Digital signing system and method using chained hash
US8346742B1 (en) Remote verification of file protections for cloud data storage
US12113914B2 (en) Systems and methods for enforcing cryptographically secure actions in public, non-permissioned blockchains using bifurcated self-executing programs comprising shared digital signature requirements
Kim et al. Scrutinizing the vulnerability of ephemeral Diffie–Hellman over COSE (EDHOC) for IoT environment using formal approaches
Zhong et al. An Efficient Electronic English Auction System with a Secure On‐Shelf Mechanism and Privacy Preserving
US11831792B2 (en) Mutual authentication of computer systems over an insecure network
Maram Protocols for Bootstrapping and Secure Management of Decentralized Identities
US20230188364A1 (en) Partial payload encryption with integrity protection
Zhang Protocols for Connecting Blockchains with Off-Chain Systems
Sun et al. Application Research in Computer Vision Signature Encryption System of Enterprise Contract Economic Management
Drosatos Utilization and protection of personal data in ubiquitous computing environments
CN116681440A (en) Data transaction method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination